path: root/en/security/bulletin/2018-09-01.html
Diffstat (limited to 'en/security/bulletin/2018-09-01.html')
-rw-r--r-- en/security/bulletin/2018-09-01.html 303
1 files changed, 179 insertions, 124 deletions
diff --git a/en/security/bulletin/2018-09-01.html b/en/security/bulletin/2018-09-01.html
index ff71b63b..8275bbcf 100644
--- a/en/security/bulletin/2018-09-01.html
+++ b/en/security/bulletin/2018-09-01.html
@@ -20,7 +20,7 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<p><em>Published September 4, 2018</em></p>
+<p><em>Published September 4, 2018 | Updated September 5, 2018</em></p>
<p>
The Android Security Bulletin contains details of security vulnerabilities
@@ -31,10 +31,9 @@ all of these issues. To learn how to check a device's security patch level, see
</p>
<p>
Android partners are notified of all issues at least a month before
-publication. Source code patches for these issues will be released to the
-Android Open Source Project (AOSP) repository in the next 48 hours. We will
-revise this bulletin with the AOSP links when they are available.
-</p>
+publication. Source code patches for these issues have been released to the
+Android Open Source Project (AOSP) repository and linked from this bulletin.
+This bulletin also includes links to patches outside of AOSP.</p>
<p>
The most severe of these issues is a critical security vulnerability in Media
framework that could enable a remote attacker using a specially crafted file
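Review bot: The added sentence "This bulletin also includes links to patches outside of AOSP." is not backed by any link this change introduces: every href added in the hunks shown here points at android.googlesource.com. If it refers to links that already exist elsewhere in the bulletin, that is fine; otherwise drop the sentence or add the links it promises. The closing </p> is also now attached to the end of the sentence, while the removed text kept it on its own line; keeping the original layout would make this a pure wording change.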
@@ -115,18 +114,22 @@ an application that uses the library.</p>
<th>Updated AOSP versions</th>
</tr>
<tr>
- <td>CVE-2018-9466</td>
- <td>A-62151041</td>
- <td>RCE</td>
- <td>High</td>
- <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2018-9466</td>
+ <td><a
+href="https://android.googlesource.com/platform/external/libxml2/+/b730f8d3c15da4ac439f1184bf17a13021963ea9"
+class="external">A-62151041</a></td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2018-9467</td>
- <td>A-110955991</td>
- <td>EoP</td>
- <td>High</td>
- <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td>
+ <td>CVE-2018-9467</td>
+ <td><a
+href="https://android.googlesource.com/platform/libcore/+/518e8d27de9f32eb86bc3090ee2759ea93b9fb93"
+class="external">A-110955991</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td>
</tr>
</table>
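Review bot: Most of the removed and re-added cells in both rows (the CVE, type and severity cells) carry the same text before and after, so they appear to differ only in indentation, which hides the two real changes: the bug-ID cell gaining a link, and "9" becoming "9.0" in the CVE-2018-9467 row. Keep the existing indentation so the diff shows only the cells that changed, and consider moving the "9" to "9.0" rename into its own commit, since it is unrelated to adding AOSP links.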
@@ -150,29 +153,34 @@ an unprivileged process.</p>
<th>Updated AOSP versions</th>
</tr>
<tr>
- <td>CVE-2018-9469</td>
- <td>A-109824443</td>
- <td>EoP</td>
- <td>High</td>
- <td>7.1.1, 7.1.2, 8.0, 8.1, 9</td>
+ <td>CVE-2018-9469</td>
+ <td><a
+href="https://android.googlesource.com/platform/frameworks/base/+/623b2b604c4ffcd48f137379d6934537510665bf"
+class="external">A-109824443</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>7.1.1, 7.1.2, 8.0, 8.1, 9.0</td>
</tr>
<tr>
- <td>CVE-2018-9470</td>
- <td>A-78290481</td>
- <td>EoP</td>
- <td>High</td>
- <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td>
+ <td>CVE-2018-9470</td>
+ <td><a
+href="https://android.googlesource.com/platform/external/neven/+/86a561f79f97baa38e240f6296fe1192fa4a5c9c"
+class="external">A-78290481</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td>
</tr>
<tr>
- <td>CVE-2018-9471</td>
- <td>A-77599679</td>
- <td>EoP</td>
- <td>High</td>
- <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td>
+ <td>CVE-2018-9471</td>
+ <td><a
+href="https://android.googlesource.com/platform/frameworks/base/+/eabaff1c7f02906e568997bdd7dc43006655387e"
+class="external">A-77599679</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td>
</tr>
</table>
-
<h3 id="library">Library</h3>
<p>The most severe vulnerability in this section could enable a remote attacker
using a specially crafted file to execute arbitrary code within the context of
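Review bot: The blank line removed between </table> and <h3 id="library"> at the end of this hunk is an unrelated whitespace change; the other tables touched by this patch do not get the same treatment in the lines shown. Restore the blank line so section headings stay visually separated from the preceding table in the source.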
@@ -193,7 +201,9 @@ an application that uses the library.</p>
</tr>
<tr>
<td>CVE-2018-9472</td>
- <td>A-79662501</td>
+ <td><a
+href="https://android.googlesource.com/platform/external/libxml2/+/b730f8d3c15da4ac439f1184bf17a13021963ea9"
+class="external">A-79662501</a></td>
<td>RCE</td>
<td>High</td>
<td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
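Review bot: The link added for A-79662501 (CVE-2018-9472) is the same platform/external/libxml2 commit, b730f8d3c15da4ac439f1184bf17a13021963ea9, that the earlier hunk attaches to A-62151041 (CVE-2018-9466). Both rows are RCE/High with the same version list, so one commit fixing both is plausible, but please confirm it is intended and not a copy of the earlier row's href.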
@@ -220,18 +230,25 @@ additional permissions.</p>
<th>Updated AOSP versions</th>
</tr>
<tr>
- <td>CVE-2018-9474</td>
- <td>A-77600398</td>
- <td>EoP</td>
- <td>High</td>
- <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td>
+ <td>CVE-2018-9474</td>
+ <td><a
+href="https://android.googlesource.com/platform/frameworks/base/+/586b9102f322731d604e6280143e16cb6f1c9f76"
+class="external">A-77600398</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td>
</tr>
<tr>
- <td>CVE-2018-9440</td>
- <td>A-77823362</td>
- <td>DoS</td>
- <td>Moderate</td>
- <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td>
+ <td>CVE-2018-9440</td>
+ <td><a
+href="https://android.googlesource.com/platform/frameworks/av/+/8033f4a227e03f97a0f1d9975dc24bcb4ca61f74"
+class="external">A-77823362</a>
+[<a
+href="https://android.googlesource.com/platform/frameworks/av/+/2870acaa4c58cf59758a74b6390615a421f14268"
+class="external">2</a>]</td>
+ <td>DoS</td>
+ <td>Moderate</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td>
</tr>
</table>
@@ -254,103 +271,131 @@ permissions.</p>
<th>Severity</th>
<th>Updated AOSP versions</th>
</tr>
- <tr>
- <td>CVE-2018-9475</td>
- <td>A-79266386</td>
- <td>EoP</td>
- <td>Critical</td>
- <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td>
+ <tr>
+ <td>CVE-2018-9475</td>
+ <td><a
+href="https://android.googlesource.com/platform/system/bt/+/43cd528a444d0cc5bbf3beb22cd583289bcf7334"
+class="external">A-79266386</a></td>
+ <td>EoP</td>
+ <td>Critical</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td>
</tr>
<tr>
- <td>CVE-2018-9478</td>
- <td>A-79217522</td>
- <td>EoP</td>
- <td>Critical</td>
- <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td>
+ <td>CVE-2018-9478</td>
+ <td><a
+href="https://android.googlesource.com/platform/system/bt/+/68688194eade113ad31687a730e8d4102ada58d5"
+class="external">A-79217522</a></td>
+ <td>EoP</td>
+ <td>Critical</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td>
</tr>
<tr>
- <td>CVE-2018-9479</td>
- <td>A-79217770</td>
- <td>EoP</td>
- <td>Critical</td>
- <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td>
+ <td>CVE-2018-9479</td>
+ <td><a
+href="https://android.googlesource.com/platform/system/bt/+/68688194eade113ad31687a730e8d4102ada58d5"
+class="external">A-79217770</a></td>
+ <td>EoP</td>
+ <td>Critical</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td>
</tr>
<tr>
- <td>CVE-2018-9456</td>
- <td>A-78136869</td>
- <td>DoS</td>
- <td>High</td>
- <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
+ <td>CVE-2018-9456</td>
+ <td><a
+href="https://android.googlesource.com/platform/system/bt/+/04be7ae5771ee1edc6cbe2af26998755d7be5a68"
+class="external">A-78136869</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2018-9477</td>
- <td>A-92497653</td>
- <td>EoP</td>
- <td>High</td>
- <td>8.0, 8.1</td>
+ <td>CVE-2018-9477</td>
+ <td><a
+href="https://android.googlesource.com/platform/packages/apps/Settings/+/3eec10e4a8daf8f07127341fbc45bef539c8d790"
+class="external">A-92497653</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>8.0, 8.1</td>
</tr>
<tr>
- <td>CVE-2018-9480</td>
- <td>A-109757168</td>
- <td>ID</td>
- <td>High</td>
- <td>8.0, 8.1, 9</td>
+ <td>CVE-2018-9480</td>
+ <td><a
+href="https://android.googlesource.com/platform/system/bt/+/75c22982624fb530bc1d57aba6c1e46e7881d6ba"
+class="external">A-109757168</a></td>
+ <td>ID</td>
+ <td>High</td>
+ <td>8.0, 8.1, 9.0</td>
</tr>
<tr>
- <td>CVE-2018-9481</td>
- <td>A-109757435</td>
- <td>ID</td>
- <td>High</td>
- <td>8.0, 8.1, 9</td>
+ <td>CVE-2018-9481</td>
+ <td><a
+href="https://android.googlesource.com/platform/system/bt/+/75c22982624fb530bc1d57aba6c1e46e7881d6ba"
+class="external">A-109757435</a></td>
+ <td>ID</td>
+ <td>High</td>
+ <td>8.0, 8.1, 9.0</td>
</tr>
<tr>
- <td>CVE-2018-9482</td>
- <td>A-109757986</td>
- <td>ID</td>
- <td>High</td>
- <td>8.0, 8.1, 9</td>
+ <td>CVE-2018-9482</td>
+ <td><a
+href="https://android.googlesource.com/platform/system/bt/+/75c22982624fb530bc1d57aba6c1e46e7881d6ba"
+class="external">A-109757986</a></td>
+ <td>ID</td>
+ <td>High</td>
+ <td>8.0, 8.1, 9.0</td>
</tr>
<tr>
- <td>CVE-2018-9483</td>
- <td>A-110216173</td>
- <td>ID</td>
- <td>High</td>
- <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td>
+ <td>CVE-2018-9483</td>
+ <td><a
+href="https://android.googlesource.com/platform/system/bt/+/d3689fb0ddcdede16c13250a7a30ca76b113c9c1"
+class="external">A-110216173</a></td>
+ <td>ID</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td>
</tr>
<tr>
- <td>CVE-2018-9484</td>
- <td>A-79488381</td>
- <td>ID</td>
- <td>High</td>
- <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td>
+ <td>CVE-2018-9484</td>
+ <td><a
+href="https://android.googlesource.com/platform/system/bt/+/d5b44f6522c3294d6f5fd71bc6670f625f716460"
+class="external">A-79488381</a></td>
+ <td>ID</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td>
</tr>
<tr>
- <td>CVE-2018-9485</td>
- <td>A-80261585</td>
- <td>ID</td>
- <td>High</td>
- <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td>
+ <td>CVE-2018-9485</td>
+ <td><a
+href="https://android.googlesource.com/platform/system/bt/+/bdbabb2ca4ebb4dc5971d3d42cb12f8048e23a23"
+class="external">A-80261585</a></td>
+ <td>ID</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td>
</tr>
<tr>
- <td>CVE-2018-9486</td>
- <td>A-80493272</td>
- <td>ID</td>
- <td>High</td>
- <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td>
+ <td>CVE-2018-9486</td>
+ <td><a
+href="https://android.googlesource.com/platform/system/bt/+/bc6aef4f29387d07e0c638c9db810c6c1193f75b"
+class="external">A-80493272</a></td>
+ <td>ID</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td>
</tr>
<tr>
- <td>CVE-2018-9487</td>
- <td>A-69873852</td>
- <td>DoS</td>
- <td>High</td>
- <td>8.0, 8.1, 9</td>
+ <td>CVE-2018-9487</td>
+ <td><a
+href="https://android.googlesource.com/platform/frameworks/base/+/cf6784bfbf713aaa54d8da77e9481b3f02784246"
+class="external">A-69873852</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>8.0, 8.1, 9.0</td>
</tr>
<tr>
- <td>CVE-2018-9488</td>
- <td>A-110107376</td>
- <td>EoP</td>
- <td>Moderate</td>
- <td>8.0, 8.1, 9</td>
+ <td>CVE-2018-9488</td>
+ <td><a
+href="https://android.googlesource.com/platform/system/sepolicy/+/d4e094e2b1a47c1fea1799d9fade19e953a7ca1b"
+class="external">A-110107376</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>8.0, 8.1, 9.0</td>
</tr>
</table>
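Review bot: Several rows in this table share a single platform/system/bt commit: CVE-2018-9478 and CVE-2018-9479 both link to 68688194eade113ad31687a730e8d4102ada58d5, and CVE-2018-9480, CVE-2018-9481 and CVE-2018-9482 all link to 75c22982624fb530bc1d57aba6c1e46e7881d6ba. Please confirm each of those commits covers every bug ID attached to it, since a pasted href would silently point readers at the wrong fix. Separately, the first <tr> of the table is removed and re-added with no visible change, which looks like indentation churn worth reverting.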
@@ -374,18 +419,22 @@ a privileged process.</p>
<th>Updated AOSP versions</th>
</tr>
<tr>
- <td>CVE-2018-9411</td>
- <td>A-79376389</td>
- <td>RCE</td>
- <td>Critical</td>
- <td>8.0, 8.1, 9</td>
+ <td>CVE-2018-9411</td>
+ <td><a
+href="https://android.googlesource.com/platform/system/libhidl/+/93484b9b015d47c0f7e5f4449a214b2fed8bed4f"
+class="external">A-79376389</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>8.0, 8.1, 9.0</td>
</tr>
<tr>
- <td>CVE-2018-9427</td>
- <td>A-77486542</td>
- <td>RCE</td>
- <td>Critical</td>
- <td>8.0, 8.1, 9</td>
+ <td>CVE-2018-9427</td>
+ <td><a
+href="https://android.googlesource.com/platform/frameworks/av/+/29d991fac25b261a72ce73f96c9df594ea5b9242"
+class="external">A-77486542</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>8.0, 8.1, 9.0</td>
</tr>
</table>
@@ -423,7 +472,8 @@ from other applications.</p>
</tr>
<tr>
<td>CVE-2018-9468</td>
- <td>A-111084083</td>
+ <td><a href="https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/544294737dfc3b585465302f1f784a311659a37c#"
+ class="external">A-111084083</a></td>
<td>ID</td>
<td>High</td>
<td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td>
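Review bot: The href added for A-111084083 ends in a stray "#" after the commit hash (…544294737dfc3b585465302f1f784a311659a37c#); remove the empty fragment so the URL matches the form of every other link in this patch. This row also keeps <a href=…> on one line where the other rows break after <a, and its version cell still reads "9" while the other rows were changed to "9.0"; bring both in line with the rest of the change.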
@@ -902,6 +952,11 @@ their own security websites, such as the
<td>September 4, 2018</td>
<td>Bulletin published.</td>
</tr>
+ <tr>
+ <td>1.1</td>
+ <td>September 5, 2018</td>
+ <td>Bulletin revised to include AOSP links.</td>
+ </tr>
</table>
</body></html>
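Review bot: The 1.1 revision entry says only "Bulletin revised to include AOSP links.", but this change also rewrites "9" to "9.0" in the Updated AOSP versions column and adds a sentence about patches outside of AOSP. Either mention those edits in the revision text or split them out, so the revision table accurately describes what changed between 1.0 and 1.1.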