Diffstat (limited to 'en/security/bulletin/2018-09-01.html')
-rw-r--r-- | en/security/bulletin/2018-09-01.html | 303 |
1 files changed, 179 insertions, 124 deletions
diff --git a/en/security/bulletin/2018-09-01.html b/en/security/bulletin/2018-09-01.html index ff71b63b..8275bbcf 100644 --- a/en/security/bulletin/2018-09-01.html +++ b/en/security/bulletin/2018-09-01.html @@ -20,7 +20,7 @@ See the License for the specific language governing permissions and limitations under the License. --> -<p><em>Published September 4, 2018</em></p> +<p><em>Published September 4, 2018 | Updated September 5, 2018</em></p> <p> The Android Security Bulletin contains details of security vulnerabilities @@ -31,10 +31,9 @@ all of these issues. To learn how to check a device's security patch level, see </p> <p> Android partners are notified of all issues at least a month before -publication. Source code patches for these issues will be released to the -Android Open Source Project (AOSP) repository in the next 48 hours. We will -revise this bulletin with the AOSP links when they are available. -</p> +publication. Source code patches for these issues have been released to the +Android Open Source Project (AOSP) repository and linked from this bulletin. +This bulletin also includes links to patches outside of AOSP.</p> <p> The most severe of these issues is a critical security vulnerability in Media framework that could enable a remote attacker using a specially crafted file 
@@ -115,18 +114,22 @@ an application that uses the library.</p> <th>Updated AOSP versions</th> </tr> <tr> - <td>CVE-2018-9466</td> - <td>A-62151041</td> - <td>RCE</td> - <td>High</td> - <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + <td>CVE-2018-9466</td> + <td><a +href="https://android.googlesource.com/platform/external/libxml2/+/b730f8d3c15da4ac439f1184bf17a13021963ea9" +class="external">A-62151041</a></td> + <td>RCE</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> </tr> <tr> - <td>CVE-2018-9467</td> - <td>A-110955991</td> - <td>EoP</td> - <td>High</td> - <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + <td>CVE-2018-9467</td> + <td><a +href="https://android.googlesource.com/platform/libcore/+/518e8d27de9f32eb86bc3090ee2759ea93b9fb93" +class="external">A-110955991</a></td> + <td>EoP</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td> </tr> </table> 
@@ -150,29 +153,34 @@ an unprivileged process.</p> <th>Updated AOSP versions</th> </tr> <tr> - <td>CVE-2018-9469</td> - <td>A-109824443</td> - <td>EoP</td> - <td>High</td> - <td>7.1.1, 7.1.2, 8.0, 8.1, 9</td> + <td>CVE-2018-9469</td> + <td><a +href="https://android.googlesource.com/platform/frameworks/base/+/623b2b604c4ffcd48f137379d6934537510665bf" +class="external">A-109824443</a></td> + <td>EoP</td> + <td>High</td> + <td>7.1.1, 7.1.2, 8.0, 8.1, 9.0</td> </tr> <tr> - <td>CVE-2018-9470</td> - <td>A-78290481</td> - <td>EoP</td> - <td>High</td> - <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + <td>CVE-2018-9470</td> + <td><a +href="https://android.googlesource.com/platform/external/neven/+/86a561f79f97baa38e240f6296fe1192fa4a5c9c" +class="external">A-78290481</a></td> + <td>EoP</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td> </tr> <tr> - <td>CVE-2018-9471</td> - <td>A-77599679</td> - <td>EoP</td> - <td>High</td> - <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + <td>CVE-2018-9471</td> + <td><a +href="https://android.googlesource.com/platform/frameworks/base/+/eabaff1c7f02906e568997bdd7dc43006655387e" +class="external">A-77599679</a></td> + <td>EoP</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td> </tr> </table> - <h3 id="library">Library</h3> <p>The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of @@ -193,7 +201,9 @@ an application that uses the library.</p> </tr> <tr> <td>CVE-2018-9472</td> - <td>A-79662501</td> + <td><a +href="https://android.googlesource.com/platform/external/libxml2/+/b730f8d3c15da4ac439f1184bf17a13021963ea9" +class="external">A-79662501</a></td> <td>RCE</td> <td>High</td> <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> 
@@ -220,18 +230,25 @@ additional permissions.</p> <th>Updated AOSP versions</th> </tr> <tr> - <td>CVE-2018-9474</td> - <td>A-77600398</td> - <td>EoP</td> - <td>High</td> - <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + <td>CVE-2018-9474</td> + <td><a +href="https://android.googlesource.com/platform/frameworks/base/+/586b9102f322731d604e6280143e16cb6f1c9f76" +class="external">A-77600398</a></td> + <td>EoP</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td> </tr> <tr> - <td>CVE-2018-9440</td> - <td>A-77823362</td> - <td>DoS</td> - <td>Moderate</td> - <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + <td>CVE-2018-9440</td> + <td><a +href="https://android.googlesource.com/platform/frameworks/av/+/8033f4a227e03f97a0f1d9975dc24bcb4ca61f74" +class="external">A-77823362</a> +[<a +href="https://android.googlesource.com/platform/frameworks/av/+/2870acaa4c58cf59758a74b6390615a421f14268" +class="external">2</a>]</td> + <td>DoS</td> + <td>Moderate</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td> </tr> </table> 
@@ -254,103 +271,131 @@ permissions.</p> <th>Severity</th> <th>Updated AOSP versions</th> </tr> - <tr> - <td>CVE-2018-9475</td> - <td>A-79266386</td> - <td>EoP</td> - <td>Critical</td> - <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + <tr> + <td>CVE-2018-9475</td> + <td><a +href="https://android.googlesource.com/platform/system/bt/+/43cd528a444d0cc5bbf3beb22cd583289bcf7334" +class="external">A-79266386</a></td> + <td>EoP</td> + <td>Critical</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td> </tr> <tr> - <td>CVE-2018-9478</td> - <td>A-79217522</td> - <td>EoP</td> - <td>Critical</td> - <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + <td>CVE-2018-9478</td> + <td><a +href="https://android.googlesource.com/platform/system/bt/+/68688194eade113ad31687a730e8d4102ada58d5" +class="external">A-79217522</a></td> + <td>EoP</td> + <td>Critical</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td> </tr> <tr> - <td>CVE-2018-9479</td> - <td>A-79217770</td> - <td>EoP</td> - <td>Critical</td> - <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + <td>CVE-2018-9479</td> + <td><a +href="https://android.googlesource.com/platform/system/bt/+/68688194eade113ad31687a730e8d4102ada58d5" +class="external">A-79217770</a></td> + <td>EoP</td> + <td>Critical</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td> </tr> <tr> - <td>CVE-2018-9456</td> - <td>A-78136869</td> - <td>DoS</td> - <td>High</td> - <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + <td>CVE-2018-9456</td> + <td><a +href="https://android.googlesource.com/platform/system/bt/+/04be7ae5771ee1edc6cbe2af26998755d7be5a68" +class="external">A-78136869</a></td> + <td>DoS</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> </tr> <tr> - <td>CVE-2018-9477</td> - <td>A-92497653</td> - <td>EoP</td> - <td>High</td> - <td>8.0, 8.1</td> + <td>CVE-2018-9477</td> + <td><a +href="https://android.googlesource.com/platform/packages/apps/Settings/+/3eec10e4a8daf8f07127341fbc45bef539c8d790" +class="external">A-92497653</a></td> + <td>EoP</td> + <td>High</td> + <td>8.0, 8.1</td> </tr> <tr> - 
<td>CVE-2018-9480</td> - <td>A-109757168</td> - <td>ID</td> - <td>High</td> - <td>8.0, 8.1, 9</td> + <td>CVE-2018-9480</td> + <td><a +href="https://android.googlesource.com/platform/system/bt/+/75c22982624fb530bc1d57aba6c1e46e7881d6ba" +class="external">A-109757168</a></td> + <td>ID</td> + <td>High</td> + <td>8.0, 8.1, 9.0</td> </tr> <tr> - <td>CVE-2018-9481</td> - <td>A-109757435</td> - <td>ID</td> - <td>High</td> - <td>8.0, 8.1, 9</td> + <td>CVE-2018-9481</td> + <td><a +href="https://android.googlesource.com/platform/system/bt/+/75c22982624fb530bc1d57aba6c1e46e7881d6ba" +class="external">A-109757435</a></td> + <td>ID</td> + <td>High</td> + <td>8.0, 8.1, 9.0</td> </tr> <tr> - <td>CVE-2018-9482</td> - <td>A-109757986</td> - <td>ID</td> - <td>High</td> - <td>8.0, 8.1, 9</td> + <td>CVE-2018-9482</td> + <td><a +href="https://android.googlesource.com/platform/system/bt/+/75c22982624fb530bc1d57aba6c1e46e7881d6ba" +class="external">A-109757986</a></td> + <td>ID</td> + <td>High</td> + <td>8.0, 8.1, 9.0</td> </tr> <tr> - <td>CVE-2018-9483</td> - <td>A-110216173</td> - <td>ID</td> - <td>High</td> - <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + <td>CVE-2018-9483</td> + <td><a +href="https://android.googlesource.com/platform/system/bt/+/d3689fb0ddcdede16c13250a7a30ca76b113c9c1" +class="external">A-110216173</a></td> + <td>ID</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td> </tr> <tr> - <td>CVE-2018-9484</td> - <td>A-79488381</td> - <td>ID</td> - <td>High</td> - <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + <td>CVE-2018-9484</td> + <td><a +href="https://android.googlesource.com/platform/system/bt/+/d5b44f6522c3294d6f5fd71bc6670f625f716460" +class="external">A-79488381</a></td> + <td>ID</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td> </tr> <tr> - <td>CVE-2018-9485</td> - <td>A-80261585</td> - <td>ID</td> - <td>High</td> - <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + <td>CVE-2018-9485</td> + <td><a 
+href="https://android.googlesource.com/platform/system/bt/+/bdbabb2ca4ebb4dc5971d3d42cb12f8048e23a23" +class="external">A-80261585</a></td> + <td>ID</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td> </tr> <tr> - <td>CVE-2018-9486</td> - <td>A-80493272</td> - <td>ID</td> - <td>High</td> - <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> + <td>CVE-2018-9486</td> + <td><a +href="https://android.googlesource.com/platform/system/bt/+/bc6aef4f29387d07e0c638c9db810c6c1193f75b" +class="external">A-80493272</a></td> + <td>ID</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9.0</td> </tr> <tr> - <td>CVE-2018-9487</td> - <td>A-69873852</td> - <td>DoS</td> - <td>High</td> - <td>8.0, 8.1, 9</td> + <td>CVE-2018-9487</td> + <td><a +href="https://android.googlesource.com/platform/frameworks/base/+/cf6784bfbf713aaa54d8da77e9481b3f02784246" +class="external">A-69873852</a></td> + <td>DoS</td> + <td>High</td> + <td>8.0, 8.1, 9.0</td> </tr> <tr> - <td>CVE-2018-9488</td> - <td>A-110107376</td> - <td>EoP</td> - <td>Moderate</td> - <td>8.0, 8.1, 9</td> + <td>CVE-2018-9488</td> + <td><a +href="https://android.googlesource.com/platform/system/sepolicy/+/d4e094e2b1a47c1fea1799d9fade19e953a7ca1b" +class="external">A-110107376</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>8.0, 8.1, 9.0</td> </tr> </table> 
@@ -374,18 +419,22 @@ a privileged process.</p> <th>Updated AOSP versions</th> </tr> <tr> - <td>CVE-2018-9411</td> - <td>A-79376389</td> - <td>RCE</td> - <td>Critical</td> - <td>8.0, 8.1, 9</td> + <td>CVE-2018-9411</td> + <td><a +href="https://android.googlesource.com/platform/system/libhidl/+/93484b9b015d47c0f7e5f4449a214b2fed8bed4f" +class="external">A-79376389</a></td> + <td>RCE</td> + <td>Critical</td> + <td>8.0, 8.1, 9.0</td> </tr> <tr> - <td>CVE-2018-9427</td> - <td>A-77486542</td> - <td>RCE</td> - <td>Critical</td> - <td>8.0, 8.1, 9</td> + <td>CVE-2018-9427</td> + <td><a +href="https://android.googlesource.com/platform/frameworks/av/+/29d991fac25b261a72ce73f96c9df594ea5b9242" +class="external">A-77486542</a></td> + <td>RCE</td> + <td>Critical</td> + <td>8.0, 8.1, 9.0</td> </tr> </table> @@ -423,7 +472,8 @@ from other applications.</p> </tr> <tr> <td>CVE-2018-9468</td> - <td>A-111084083</td> + <td><a href="https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/544294737dfc3b585465302f1f784a311659a37c#" + class="external">A-111084083</a></td> <td>ID</td> <td>High</td> <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9</td> @@ -902,6 +952,11 @@ their own security websites, such as the <td>September 4, 2018</td> <td>Bulletin published.</td> </tr> + <tr> + <td>1.1</td> + <td>September 5, 2018</td> + <td>Bulletin revised to include AOSP links.</td> + </tr> </table> </body></html> |
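Review bot: in the `@@ -115,18 +114,22 @@` hunk the `<td>CVE-2018-9466</td>`, `<td>RCE</td>` and `<td>High</td>` lines are removed and re-added with the same visible text, so a whitespace-only re-indent is mixed in with the real edits (the new AOSP link and `9` becoming `9.0`). The same pattern repeats in the later tables, for example the CVE-2018-9456 row, where only the bug-ID cell actually changes. Suggest leaving the indentation alone or moving the re-indent to its own commit, so that the link and version changes can be checked line by line.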
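Review bot: in the `@@ -193,7 +201,9 @@` hunk, A-79662501 (CVE-2018-9472) is linked to libxml2 commit `b730f8d3c15da4ac439f1184bf17a13021963ea9`, the same commit that the `@@ -115,18 +114,22 @@` hunk links for A-62151041 (CVE-2018-9466). Please confirm that one commit fixes both bugs and that the second href is not a copy of the first; if it is intentional, nothing needs to change.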
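Review bot: in the `@@ -254,103 +271,131 @@` hunk several rows share one href: CVE-2018-9478 and CVE-2018-9479 both point at system/bt commit `68688194...`, and CVE-2018-9480, CVE-2018-9481 and CVE-2018-9482 all point at `75c22982...`. Please confirm each shared link against its bug ID before this is published, since a wrong patch link in a bulletin sends partners to the wrong fix when they backport.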
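Review bot: in the `@@ -423,7 +472,8 @@` hunk the new href for A-111084083 ends in a stray `#` (`...544294737dfc3b585465302f1f784a311659a37c#`), and the versions cell of that row stays at `9` in the unchanged context while every other row touched by this patch is moved to `9.0`. Suggest dropping the trailing `#` and updating the cell to `9.0`. The `<a href=` kept on one line also differs from the `<a` / `href=` / `class=` split used for the other rows.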