diff options
Diffstat (limited to 'en/security/bulletin')
| -rw-r--r-- | en/security/bulletin/2018-04-01.html | 13 | ||||
| -rw-r--r-- | en/security/bulletin/2018-05-01.html | 604 | ||||
| -rw-r--r-- | en/security/bulletin/2018.html | 23 | ||||
| -rw-r--r-- | en/security/bulletin/_translation.yaml | 4 | ||||
| -rw-r--r-- | en/security/bulletin/index.html | 23 | ||||
| -rw-r--r-- | en/security/bulletin/pixel/2018-05-01.html | 619 | ||||
| -rw-r--r-- | en/security/bulletin/pixel/2018.html | 23 | ||||
| -rw-r--r-- | en/security/bulletin/pixel/index.html | 25 |
8 files changed, 1310 insertions, 24 deletions
diff --git a/en/security/bulletin/2018-04-01.html b/en/security/bulletin/2018-04-01.html index 21bb5aa5..567a352d 100644 --- a/en/security/bulletin/2018-04-01.html +++ b/en/security/bulletin/2018-04-01.html @@ -385,13 +385,6 @@ process.</p> <td>NFC driver</td> </tr> <tr> - <td>CVE-2017-5754</td> - <td>A-69856074<a href="#asterisk">*</a></td> - <td>ID</td> - <td>High</td> - <td>Memory mapping</td> - </tr> - <tr> <td>CVE-2017-16534</td> <td>A-69052594<br /> <a href="https://github.com/torvalds/linux/commit/2e1c42391ff2556387b3cb6308b24f6f65619feb"> @@ -2696,5 +2689,11 @@ security bulletins. <td>April 4, 2018</td> <td>Bulletin revised to include AOSP links.</td> </tr> + <tr> + <td>1.2</td> + <td>May 1, 2018</td> + <td>Bulletin revised to remove CVE-2017-5754 from the Kernel Components section. It now appears + in the May 2018 bulletin.</td> + </tr> </table> </body></html> diff --git a/en/security/bulletin/2018-05-01.html b/en/security/bulletin/2018-05-01.html new file mode 100644 index 00000000..bc45a35b --- /dev/null +++ b/en/security/bulletin/2018-05-01.html @@ -0,0 +1,604 @@ +<html devsite> + <head> + <title>Android Security Bulletin—May 2018</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + //www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<p><em>Published May 7, 2018</em></p> + +<p> +The Android Security Bulletin contains details of security vulnerabilities +affecting Android devices. Security patch levels of 2018-05-05 or later address +all of these issues. To learn how to check a device's security patch level, see +<a href="https://support.google.com/pixelphone/answer/4457705">Check & update +your Android version</a>. +</p> +<p> +Android partners are notified of all issues at least a month before publication. +Source code patches for these issues will be released to the Android Open Source +Project (AOSP) repository in the next 48 hours. We will revise this bulletin with +the AOSP links when they are available. +</p> +<p> +The most severe of these issues is a critical security vulnerability in Media +framework that could enable a remote attacker using a specially crafted file to +execute arbitrary code within the context of a privileged process. The +<a href="/security/overview/updates-resources.html#severity">severity +assessment</a> is based on the effect that exploiting the vulnerability would +possibly have on an affected device, assuming the platform and service +mitigations are turned off for development purposes or if successfully bypassed. +</p> +<p> +We have had no reports of active customer exploitation or abuse of these newly +reported issues. Refer to the <a href="#mitigations">Android and Google Play +Protect mitigations</a> section for details on the +<a href="/security/enhancements/index.html">Android security platform protections</a> +and Google Play Protect, which improve the security of the Android platform. +</p> +<p class="note"> +<strong>Note:</strong> Information on the latest over-the-air update (OTA) and +firmware images for Google devices is available in the +<a href="/security/bulletin/pixel/2018-05-01.html">May +2018 Pixel / Nexus Security Bulletin</a>. +</p> + + +<h2 id="mitigations">Android and Google service mitigations</h2> + +<p> +This is a summary of the mitigations provided by the +<a href="/security/enhancements/index.html">Android security platform</a> +and service protections such as +<a href="https://www.android.com/play-protect">Google Play Protect</a>. +These capabilities reduce the likelihood that security vulnerabilities +could be successfully exploited on Android. +</p> +<ul> +<li>Exploitation for many issues on Android is made more difficult by +enhancements in newer versions of the Android platform. We encourage all users +to update to the latest version of Android where possible.</li> +<li>The Android security team actively monitors for abuse through +<a href="https://www.android.com/play-protect">Google Play Protect</a> +and warns users about +<a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially +Harmful Applications</a>. Google Play Protect is enabled by default on devices +with <a href="http://www.android.com/gms">Google Mobile Services</a>, and is +especially important for users who install apps from outside of Google +Play.</li> +</ul> + +<h2 id="2018-05-01-details">2018-05-01 security patch level vulnerability details</h2> + +<p> +In the sections below, we provide details for each of the security +vulnerabilities that apply to the 2018-05-01 patch level. Vulnerabilities are +grouped under the component that they affect. There is a description of the +issue and a table with the CVE, associated references, +<a href="#type">type of vulnerability</a>, +<a href="/security/overview/updates-resources.html#severity">severity</a>, +and updated AOSP versions (where applicable). When available, we link the public +change that addressed the issue to the bug ID, like the AOSP change list. When +multiple changes relate to a single bug, additional references are linked to +numbers following the bug ID. +</p> + +<h3 id="android-runtime">Android runtime</h3> +<p>The most severe vulnerability in this section could enable a remote attacker +to access data normally accessible only to locally installed applications with +permissions.</p> + +<table> + <col width="17%"> + <col width="19%"> + <col width="9%"> + <col width="14%"> + <col width="39%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Updated AOSP versions</th> + </tr> + <tr> + <td>CVE-2017-13309</td> + <td>A-73251618</td> + <td>ID</td> + <td>High</td> + <td>8.1</td> + </tr> +</table> + + +<h3 id="framework">Framework</h3> +<p>The most severe vulnerability in this section could enable a local malicious +application to bypass user interaction requirements in order to gain access to +additional permissions.</p> + +<table> + <col width="17%"> + <col width="19%"> + <col width="9%"> + <col width="14%"> + <col width="39%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Updated AOSP versions</th> + </tr> + <tr> + <td>CVE-2017-13310</td> + <td>A-71992105</td> + <td>EoP</td> + <td>High</td> + <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> + <tr> + <td>CVE-2017-13311</td> + <td>A-73252178</td> + <td>EoP</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> +</table> + + +<h3 id="media-framework">Media framework</h3> +<p>The most severe vulnerability in this section could enable a local malicious +application to bypass user interaction requirements in order to gain access to +additional permissions.</p> + +<table> + <col width="17%"> + <col width="19%"> + <col width="9%"> + <col width="14%"> + <col width="39%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Updated AOSP versions</th> + </tr> + <tr> + <td>CVE-2017-13312</td> + <td>A-73085795</td> + <td>EoP</td> + <td>High</td> + <td>8.0</td> + </tr> + <tr> + <td>CVE-2017-13313</td> + <td>A-74114680</td> + <td>DoS</td> + <td>High</td> + <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> +</table> + + +<h3 id="system">System</h3> +<p>The most severe vulnerability in this section could enable a local malicious +application to bypass user interaction requirements in order to gain access to +additional permissions.</p> + +<table> + <col width="17%"> + <col width="19%"> + <col width="9%"> + <col width="14%"> + <col width="39%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Updated AOSP versions</th> + </tr> + <tr> + <td>CVE-2017-13314</td> + <td>A-63000005</td> + <td>EoP</td> + <td>High</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> + <tr> + <td>CVE-2017-13315</td> + <td>A-70721937</td> + <td>EoP</td> + <td>High</td> + <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> +</table> + + +<h2 id="2018-05-05-details">2018-05-05 security patch level vulnerability details</h2> + +<p> +In the sections below, we provide details for each of the security +vulnerabilities that apply to the 2018-05-05 patch level. Vulnerabilities are +grouped under the component that they affect and include details such as the +CVE, associated references, <a href="#type">type of vulnerability</a>, +<a href="/security/overview/updates-resources.html#severity">severity</a>, +component (where applicable), and updated AOSP versions (where applicable). When +available, we link the public change that addressed the issue to the bug ID, +like the AOSP change list. When multiple changes relate to a single bug, +additional references are linked to numbers following the bug ID. +</p> + +<h3 id="kernel-components">Kernel components</h3> +<p>The most severe vulnerability in this section could enable a local malicious +application to bypass operating system protections that isolate application +data from other applications.</p> + +<table> + <col width="17%"> + <col width="19%"> + <col width="9%"> + <col width="14%"> + <col width="39%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Component</th> + </tr> + <tr> + <td>CVE-2017-16643</td> + <td>A-69916367<br /> + <a href="https://github.com/torvalds/linux/commit/a50829479f58416a013a4ccca791336af3c584c7"> +Upstream kernel</a></td> + <td>ID</td> + <td>High</td> + <td>USB driver</td> + </tr> + <tr> + <td>CVE-2017-5754</td> + <td>A-69856074<a href="#asterisk">*</a></td> + <td>ID</td> + <td>High</td> + <td>Memory mapping</td> + </tr> +</table> + + +<h3 id="nvidia-components">NVIDIA components</h3> +<p>The most severe vulnerability in this section could enable a local malicious +application to execute arbitrary code within the context of the TEE.</p> + +<table> + <col width="17%"> + <col width="19%"> + <col width="9%"> + <col width="14%"> + <col width="39%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Component</th> + </tr> + <tr> + <td>CVE-2017-6289</td> + <td>A-72830049<a href="#asterisk">*</a></td> + <td>EoP</td> + <td>Critical</td> + <td>TEE</td> + </tr> + <tr> + <td>CVE-2017-5715</td> + <td>A-71686116<a href="#asterisk">*</a></td> + <td>ID</td> + <td>High</td> + <td>TLK</td> + </tr> + <tr> + <td>CVE-2017-6293</td> + <td>A-69377364<a href="#asterisk">*</a></td> + <td>EoP</td> + <td>High</td> + <td>NVIDIA Tegra X1 TZ</td> + </tr> +</table> + + +<h3 id="qualcomm-components">Qualcomm components</h3> +<p>The most severe vulnerability in this section could enable a proximate +attacker using a specially crafted file to execute arbitrary code within the +context of a privileged process.</p> + +<table> + <col width="17%"> + <col width="19%"> + <col width="9%"> + <col width="14%"> + <col width="39%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Component</th> + </tr> + <tr> + <td>CVE-2018-3580</td> + <td>A-72957507<br /> + <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=55dcc8d5ae9611e772a7ba572755192cf5415f04"> +QC-CR#2149187</a></td> + <td>RCE</td> + <td>Critical</td> + <td>WLAN</td> + </tr> + <tr> + <td>CVE-2018-5841</td> + <td>A-72957293<br /> + <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=c3b82b337b1bbe854d330fc248b389b1ff11c248"> +QC-CR#2073502</a></td> + <td>EoP</td> + <td>High</td> + <td>DCC</td> + </tr> + <tr> + <td>CVE-2018-5850</td> + <td>A-72957135<br /> + <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=58b04ed29f44a8b49e0fa2f22b2a0ecf87324243"> +QC-CR#2141458</a></td> + <td>EoP</td> + <td>High</td> + <td>WLAN</td> + </tr> + <tr> + <td>CVE-2018-5846</td> + <td>A-71501683<br /> + <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=616bb99045d728088b445123dfdff8eadcc27090"> +QC-CR#2120063</a></td> + <td>EoP</td> + <td>High</td> + <td>Radio internet packet accelerator</td> + </tr> + <tr> + <td>CVE-2018-5845</td> + <td>A-71501680<br /> + <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=a989f5c6398175cc7354b9cdf0424449f8dd9860"> +QC-CR#2119081</a></td> + <td>EoP</td> + <td>High</td> + <td>GPU</td> + </tr> + <tr> + <td>CVE-2018-5840</td> + <td>A-71501678<br /> + <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=5d1c951ee0e3b06f96736eed25869bbfaf77efbc"> +QC-CR#2052024</a></td> + <td>EoP</td> + <td>High</td> + <td>GPU</td> + </tr> + <tr> + <td>CVE-2017-18154</td> + <td>A-62872238<a href="#asterisk">*</a><br /> + QC-CR#2109325</td> + <td>EoP</td> + <td>High</td> + <td>Libgralloc</td> + </tr> + <tr> + <td>CVE-2018-3578</td> + <td>A-72956999<br /> + <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=0f22d9370eb848ee751a94a7ff472c335e934890"> +QC-CR#2145573</a></td> + <td>EoP</td> + <td>High</td> + <td>WLAN</td> + </tr> + <tr> + <td>CVE-2018-3565</td> + <td>A-72957234<br /> + <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=ab91234d52984a86a836561578c8ab85cf0b5f2f"> +QC-CR#2138555</a></td> + <td>EoP</td> + <td>High</td> + <td>WLAN</td> + </tr> + <tr> + <td>CVE-2017-13077</td> + <td>A-77481464<a href="#asterisk">*</a></td> + <td>EoP</td> + <td>High</td> + <td>WLAN</td> + </tr> + <tr> + <td>CVE-2018-3562</td> + <td>A-72957526<br /> + <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=7e82edc9f1ed60fa99dd4da29f91c4ad79470d7e">QC-CR#2147955</a> + [<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=70a5ee609ef6199dfcd8cce6198edc6f48b16bec">2</a>]</td> + <td>DoS</td> + <td>High</td> + <td>WLAN</td> + </tr> +</table> + +<h2 id="common-questions-and-answers">Common questions and answers</h2> +<p> +This section answers common questions that may occur after reading this +bulletin.</p> + +<p><strong>1. How do I determine if my device is updated to address these issues? +</strong></p> +<p>To learn how to check a device's security patch level, see +<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Check +and update your Android version</a>.</p> +<ul> +<li>Security patch levels of 2018-05-01 or later address all issues associated +with the 2018-05-01 security patch level.</li> +<li>Security patch levels of 2018-05-05 or later address all issues associated +with the 2018-05-05 security patch level and all previous patch levels.</li> +</ul> +<p> +Device manufacturers that include these updates should set the patch string +level to: +</p> +<ul> +<li>[ro.build.version.security_patch]:[2018-05-01]</li> +<li>[ro.build.version.security_patch]:[2018-05-05]</li> +</ul> +<p> +<strong>2. Why does this bulletin have two security patch levels?</strong> +</p> +<p> +This bulletin has two security patch levels so that Android partners have the +flexibility to fix a subset of vulnerabilities that are similar across all +Android devices more quickly. Android partners are encouraged to fix all issues +in this bulletin and use the latest security patch level. +</p> +<ul> +<li>Devices that use the 2018-05-01 security patch level must include all issues +associated with that security patch level, as well as fixes for all issues +reported in previous security bulletins.</li> +<li>Devices that use the security patch level of 2018-05-05 or newer must +include all applicable patches in this (and previous) security +bulletins.</li> +</ul> +<p> +Partners are encouraged to bundle the fixes for all issues they are addressing +in a single update. +</p> +<p id="type"> +<strong>3. What do the entries in the <em>Type</em> column mean?</strong> +</p> +<p> +Entries in the <em>Type</em> column of the vulnerability details table reference +the classification of the security vulnerability. +</p> +<table> + <col width="25%"> + <col width="75%"> + <tr> + <th>Abbreviation</th> + <th>Definition</th> + </tr> + <tr> + <td>RCE</td> + <td>Remote code execution</td> + </tr> + <tr> + <td>EoP</td> + <td>Elevation of privilege</td> + </tr> + <tr> + <td>ID</td> + <td>Information disclosure</td> + </tr> + <tr> + <td>DoS</td> + <td>Denial of service</td> + </tr> + <tr> + <td>N/A</td> + <td>Classification not available</td> + </tr> +</table> +<p> +<strong>4. What do the entries in the <em>References</em> column mean?</strong> +</p> +<p> +Entries under the <em>References</em> column of the vulnerability details table +may contain a prefix identifying the organization to which the reference value +belongs. +</p> +<table> + <col width="25%"> + <col width="75%"> + <tr> + <th>Prefix</th> + <th>Reference</th> + </tr> + <tr> + <td>A-</td> + <td>Android bug ID</td> + </tr> + <tr> + <td>QC-</td> + <td>Qualcomm reference number</td> + </tr> + <tr> + <td>M-</td> + <td>MediaTek reference number</td> + </tr> + <tr> + <td>N-</td> + <td>NVIDIA reference number</td> + </tr> + <tr> + <td>B-</td> + <td>Broadcom reference number</td> + </tr> +</table> +<p id="asterisk"> +<strong>5. What does a * next to the Android bug ID in the <em>References</em> +column mean?</strong> +</p> +<p> +Issues that are not publicly available have a * next to the Android bug ID in +the <em>References</em> column. The update for that issue is generally contained +in the latest binary drivers for Nexus devices available from the <a +href="https://developers.google.com/android/nexus/drivers">Google Developer +site</a>. +</p> +<p> +<strong>6. Why are security vulnerabilities split between this bulletin and +device/partner security bulletins, such as the Pixel / Nexus bulletin?</strong> +</p> +<p> +Security vulnerabilities that are documented in this security bulletin are +required in order to declare the latest security patch level on Android devices. +Additional security vulnerabilities that are documented in the +device / partner security bulletins are not required for declaring +a security patch level. Android device and chipset manufacturers are encouraged +to document the presence of other fixes on their devices through their own security +websites, such as the +<a href="https://security.samsungmobile.com/securityUpdate.smsb">Samsung</a>, +<a href="https://lgsecurity.lge.com/security_updates.html">LGE</a>, or +<a href="/security/bulletin/pixel/">Pixel / Nexus</a> +security bulletins. +</p> +<h2 id="versions">Versions</h2> +<table> + <col width="25%"> + <col width="25%"> + <col width="50%"> + <tr> + <th>Version</th> + <th>Date</th> + <th>Notes</th> + </tr> + <tr> + <td>1.0</td> + <td>May 7, 2018</td> + <td>Bulletin published.</td> + </tr> +</table> +</body> +</html> diff --git a/en/security/bulletin/2018.html b/en/security/bulletin/2018.html index 58c206cc..ec4bfbad 100644 --- a/en/security/bulletin/2018.html +++ b/en/security/bulletin/2018.html @@ -37,6 +37,22 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi <th>Security patch level</th> </tr> <tr> + <td><a href="/security/bulletin/2018-05-01.html">May 2018</a></td> + <td>Coming soon + <!-- + <a href="/security/bulletin/2018-05-01.html">English</a> / + <a href="/security/bulletin/2018-05-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2018-05-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2018-05-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2018-05-01.html?hl=zh-cn">中文 (中国)</a> / + <a href="/security/bulletin/2018-05-01.html?hl=zh-tw">中文 (台灣)</a> + --> + </td> + <td>May 7, 2018</td> + <td>2018-05-01<br> + 2018-05-05</td> + </tr> + <tr> <td><a href="/security/bulletin/2018-04-01.html">April 2018</a></td> <td>Coming soon <!-- @@ -49,19 +65,18 @@ of all bulletins, see the <a href="/security/bulletin/index.html">Android Securi --> </td> <td>April 2, 2018</td> - <td>2018-04-05</td> + <td>2018-04-01<br> + 2018-04-05</td> </tr> <tr> <td><a href="/security/bulletin/2018-03-01.html">March 2018</a></td> - <td>Coming soon - <!-- + <td> <a href="/security/bulletin/2018-03-01.html">English</a> / <a href="/security/bulletin/2018-03-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-03-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-03-01.html?hl=ru">ру́сский</a> / <a href="/security/bulletin/2018-03-01.html?hl=zh-cn">中文 (中国)</a> / <a href="/security/bulletin/2018-03-01.html?hl=zh-tw">中文 (台灣)</a> - --> </td> <td>March 2018</td> <td>2018-03-01<br> diff --git a/en/security/bulletin/_translation.yaml b/en/security/bulletin/_translation.yaml index af2c6b7f..37f58a17 100644 --- a/en/security/bulletin/_translation.yaml +++ b/en/security/bulletin/_translation.yaml @@ -31,6 +31,10 @@ ignore_paths: - /security/bulletin/2015-10-01 - /security/bulletin/2015-09-01 - /security/bulletin/2015-08-01 +- /security/bulletin/pixel/2017 +- /security/bulletin/pixel/2017-12-01 +- /security/bulletin/pixel/2017-11-01 +- /security/bulletin/pixel/2017-10-01 enable_continuous_translation: True title: Android Security Bulletins description: Translations for Android Security Bulletins diff --git a/en/security/bulletin/index.html b/en/security/bulletin/index.html index b4bac017..7761d8fd 100644 --- a/en/security/bulletin/index.html +++ b/en/security/bulletin/index.html @@ -68,6 +68,22 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <th>Security patch level</th> </tr> <tr> + <td><a href="/security/bulletin/2018-05-01.html">May 2018</a></td> + <td>Coming soon + <!-- + <a href="/security/bulletin/2018-05-01.html">English</a> / + <a href="/security/bulletin/2018-05-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/2018-05-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/2018-05-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/2018-05-01.html?hl=zh-cn">中文 (中国)</a> / + <a href="/security/bulletin/2018-05-01.html?hl=zh-tw">中文 (台灣)</a> + --> + </td> + <td>May 7, 2018</td> + <td>2018-05-01<br> + 2018-05-05</td> + </tr> + <tr> <td><a href="/security/bulletin/2018-04-01.html">April 2018</a></td> <td>Coming soon <!-- @@ -80,19 +96,18 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi --> </td> <td>April 2, 2018</td> - <td>2018-04-05</td> + <td>2018-04-01<br> + 2018-04-05</td> </tr> <tr> <td><a href="/security/bulletin/2018-03-01.html">March 2018</a></td> - <td>Coming soon - <!-- + <td> <a href="/security/bulletin/2018-03-01.html">English</a> / <a href="/security/bulletin/2018-03-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/2018-03-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/2018-03-01.html?hl=ru">ру́сский</a> / <a href="/security/bulletin/2018-03-01.html?hl=zh-cn">中文 (中国)</a> / <a href="/security/bulletin/2018-03-01.html?hl=zh-tw">中文 (台灣)</a> - --> </td> <td>March 5, 2018</td> <td>2018-03-01<br> diff --git a/en/security/bulletin/pixel/2018-05-01.html b/en/security/bulletin/pixel/2018-05-01.html new file mode 100644 index 00000000..2532c0af --- /dev/null +++ b/en/security/bulletin/pixel/2018-05-01.html @@ -0,0 +1,619 @@ +<html devsite> + <head> + <title>Pixel / Nexus Security Bulletin—May 2018</title> + <meta name="project_path" value="/_project.yaml" /> + <meta name="book_path" value="/_book.yaml" /> + </head> + <body> + <!-- + Copyright 2018 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + //www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> + +<p><em>Published May 7, 2018</em></p> + +<p> +The Pixel / Nexus Security Bulletin contains details of security +vulnerabilities and functional improvements affecting +<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported +Google Pixel and Nexus devices</a> (Google devices). +For Google devices, security patch levels of 2018-05-05 or later address all +issues in this bulletin and all issues in the May 2018 Android Security +Bulletin. To learn how to check a device's security patch level, see +<a href="https://support.google.com/pixelphone/answer/4457705">Check & update your +Android version</a>. +</p> +<p> +All supported Google devices will receive an update to the 2018-05-05 patch +level. We encourage all customers to accept these updates to their devices. +</p> +<p class="note"> +<strong>Note:</strong> The Google device firmware images are available on the +<a href="https://developers.google.com/android/nexus/images">Google Developer +site</a>. +</p> +<h2 id="announcements">Announcements</h2> +<p>In addition to the security vulnerabilities described in the May 2018 +Android Security Bulletin, Pixel and Nexus devices also contain patches for the +security vulnerabilities described below. Partners were notified of these issues +at least a month ago and may choose to incorporate them as part of their device +updates.</p> +<h2 id="security-patches">Security patches</h2> +<p> +Vulnerabilities are grouped under the component that they affect. There is a +description of the issue and a table with the CVE, associated references, +<a href="#type">type of vulnerability</a>, +<a href="https://source.android.com/security/overview/updates-resources.html#severity">severity</a>, +and updated Android Open Source Project (AOSP) versions (where applicable). When +available, we link the public change that addressed the issue to the bug ID, +like the AOSP change list. When multiple changes relate to a single bug, +additional references are linked to numbers following the bug ID. +</p> + +<h3 id="framework">Framework</h3> + +<table> + <col width="17%"> + <col width="19%"> + <col width="9%"> + <col width="14%"> + <col width="39%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Updated AOSP versions</th> + </tr> + <tr> + <td>CVE-2017-13316</td> + <td>A-73311729</td> + <td>ID</td> + <td>Moderate</td> + <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> +</table> + +<h3 id="media-framework">Media framework</h3> + +<table> + <col width="17%"> + <col width="19%"> + <col width="9%"> + <col width="14%"> + <col width="39%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Updated AOSP versions</th> + </tr> + <tr> + <td>CVE-2017-13317</td> + <td>A-73172046</td> + <td>ID</td> + <td>Moderate</td> + <td>8.1</td> + </tr> + <tr> + <td>CVE-2017-13318</td> + <td>A-73782357</td> + <td>ID</td> + <td>Moderate</td> + <td>8.1</td> + </tr> + <tr> + <td rowspan="2">CVE-2017-13319</td> + <td rowspan="2">A-71868329</td> + <td>ID</td> + <td>Moderate</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> + <tr> + <td>DoS</td> + <td>High</td> + <td>6.0, 6.0.1</td> + </tr> + <tr> + <td rowspan="2">CVE-2017-13320</td> + <td rowspan="2">A-72764648</td> + <td>ID</td> + <td>Moderate</td> + <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> + <tr> + <td>DoS</td> + <td>High</td> + <td>6.0, 6.0.1</td> + </tr> +</table> + +<h3 id="system">System</h3> + +<table> + <col width="17%"> + <col width="19%"> + <col width="9%"> + <col width="14%"> + <col width="39%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Updated AOSP versions</th> + </tr> + <tr> + <td>CVE-2017-13323</td> + <td>A-73826242</td> + <td>EoP</td> + <td>Moderate</td> + <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> + <tr> + <td>CVE-2017-13321</td> + <td>A-70986337</td> + <td>ID</td> + <td>Moderate</td> + <td>8.0, 8.1</td> + </tr> + <tr> + <td>CVE-2017-13322</td> + <td>A-67862398</td> + <td>DoS</td> + <td>Moderate</td> + <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> + </tr> +</table> + +<h3 id="kernel-components">Kernel components</h3> + +<table> + <col width="17%"> + <col width="19%"> + <col width="9%"> + <col width="14%"> + <col width="39%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Component</th> + </tr> + <tr> + <td>CVE-2018-5344</td> + <td>A-72867809<br /> + <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5"> +Upstream kernel</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>Block driver</td> + </tr> + <tr> + <td>CVE-2017-15129</td> + <td>A-72961054<br /> + <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0"> +Upstream kernel</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>Network namespace</td> + </tr> +</table> + +<h3 id="nvidia-components">NVIDIA components</h3> + +<table> + <col width="17%"> + <col width="19%"> + <col width="9%"> + <col width="14%"> + <col width="39%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Component</th> + </tr> + <tr> + <td>CVE-2018-6254</td> + <td>A-64340684<a href="#asterisk">*</a></td> + <td>ID</td> + <td>Moderate</td> + <td>Media server</td> + </tr> + <tr> + <td>CVE-2018-6246</td> + <td>A-69383916<a href="#asterisk">*</a></td> + <td>ID</td> + <td>Moderate</td> + <td>Widevine trustlet</td> + </tr> +</table> + + +<h3 id="qualcomm-components">Qualcomm components</h3> + + +<table> + <col width="17%"> + <col width="19%"> + <col width="9%"> + <col width="14%"> + <col width="39%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Type</th> + <th>Severity</th> + <th>Component</th> + </tr> + <tr> + <td>CVE-2018-5849</td> + <td>A-72957611<br /> + <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=b17c33ea2dafc8fd11b5050d750fefe0b53f226b"> +QC-CR#2131811</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>QTEECOM</td> + </tr> + <tr> + <td>CVE-2018-5851</td> + <td>A-72957505<br /> + <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=103f385783f368cc5cd3c125390e6dfd43c36096">QC-CR#2146869</a> +[<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=a9068fbb6bad55c9ecc80b9c3935969c8820c425">2</a>]</td> + <td>EoP</td> + <td>Moderate</td> + <td>WLAN</td> + </tr> + <tr> + <td>CVE-2018-5842</td> + <td>A-72957257<br /> + <a +href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=f05883b3d442a7eb9df46a6bde08f1d5cdfc8133">QC-CR#2113219</a> +[<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=21b91d4faa275d7b1ae58ad6a549cfa801066dfe">2</a>]</td> + <td>EoP</td> + <td>Moderate</td> + <td>WLAN</td> + </tr> + <tr> + <td>CVE-2018-5848</td> + <td>A-72957178<br /> + <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=6e5a9b32503d37a202fccc5d24b189ae6107a256"> +QC-CR#2126062</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>WIGIG</td> + </tr> + <tr> + <td>CVE-2018-5853</td> + <td>A-71714212<a href="#asterisk">*</a><br /> + QC-CR#2178082<br /> + QC-CR#2043277</td> + <td>EoP</td> + <td>Moderate</td> + <td>Networking subsystem</td> + </tr> + <tr> + <td>CVE-2018-5843</td> + <td>A-71501685<br /> + <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=ea4459a044783649b1695653f848647c68bee69d"> +QC-CR#2113385</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>Modem driver</td> + </tr> + <tr> + <td>CVE-2018-5844</td> + <td>A-71501682<br /> + <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=f8ed842bb3f4620eafa2669e0f534ce4c3ac6f07"> +QC-CR#2118860</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>Video device</td> + </tr> + <tr> + <td>CVE-2018-5847</td> + <td>A-71501681<br /> + <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=3ddf48ce0377d71c86ff09d199f0307dad39fdd5"> +QC-CR#2120955</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>Snapdragon display engine</td> + </tr> + <tr> + <td>CVE-2018-3582</td> + <td>A-72956801<br /> + <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=db5ee07b422f0d49ecf992b0b050c9266b0eb8e7"> +QC-CR#2149531</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>WLAN</td> + </tr> + <tr> + <td>CVE-2018-3581</td> + <td>A-72957725<br /> + <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=becb9c5aaa05137ce1002f77f8a7d9e7e0799268">QC-CR#2150359</a> + [<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=43c8a7f083c56b2f6aeac6d77721f5a70bdba99c">2</a>]</td> + <td>EoP</td> + <td>Moderate</td> + <td>WLAN</td> + </tr> + <tr> + <td>CVE-2018-3576</td> + <td>A-72957337<br /> + <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=bdf6936cd49a1e43184c7ff1635126fca946a995"> +QC-CR#2128512</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>WLAN</td> + </tr> + <tr> + <td>CVE-2018-3572</td> + <td>A-72957724<br /> + <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=b11e3a50197e73e397c36d335d56d905b99eb02c">QC-CR#2145996</a> + [<a href="https://source.codeaurora.org/quic/la/platform/vendor/opensource/audio-kernel/commit/?id=fbf66aa0c6ae84db64bdf0b8f3c3a32370c70c67">2</a>]</td> + <td>EoP</td> + <td>Moderate</td> + <td>Audio</td> + </tr> + <tr> + <td>CVE-2018-3571</td> + <td>A-72957527<br /> + <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=db41c9cc35d82238a4629e5ff29ba0c6b80b2cd6"> +QC-CR#2132332</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>Kgsl</td> + </tr> + <tr> + <td>CVE-2017-18153</td> + <td>A-35470735<a href="#asterisk">*</a><br /> + QC-CR#2021363</td> + <td>EoP</td> + <td>Moderate</td> + <td>Qcacld-2.0</td> + </tr> + <tr> + <td>CVE-2017-18070</td> + <td>A-72441280<br /> + <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=dc6c24b0a660d643c90a9cede1be4bdd44509b3e"> +QC-CR#2114348</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>WLAN</td> + </tr> + <tr> + <td>CVE-2017-15857</td> + <td>A-65122765<a href="#asterisk">*</a><br /> + QC-CR#2111672<br /> + QC-CR#2152401<br /> + QC-CR#2152399<br /> + QC-CR#2153841</td> + <td>EoP</td> + <td>Moderate</td> + <td>Camera</td> + </tr> + <tr> + <td>CVE-2017-15854</td> + <td>A-71501688<br /> + <a href=" https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=aef5f626a7454844cc695a827cb87f89b37501e7"> +QC-CR#2114396</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>WLAN</td> + </tr> + <tr> + <td>CVE-2017-15843</td> + <td>A-72956941<br /> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a549abd08f3a52593d9602128c63c1212e90984b">QC-CR#2032076</a> +[<a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=e05adec18cbc3c9213cc293441a2be8683339b4a">2</a>]</td> + <td>EoP</td> + <td>Moderate</td> + <td>Floor_vote driver</td> + </tr> + <tr> + <td>CVE-2017-15842</td> + <td>A-72957040<br /> + <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=c4ab75dfc22f644fb5ee70bd515aaf633761cd3b">QC-CR#2123291</a> + [<a href="https://source.codeaurora.org/quic/la/platform/vendor/opensource/audio-kernel/commit/?id=6d42b0e51ed7f8e51397d89af66c1453beba51cd">2</a>]</td> + <td>EoP</td> + <td>Moderate</td> + <td>Qdsp6v2</td> + </tr> + <tr> + <td>CVE-2017-15832</td> + <td>A-70237689<br /> + <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=2b087bc5d5bdc18f9bc75148bd8b176a676b910a"> +QC-CR#2114756</a></td> + <td>EoP</td> + <td>Moderate</td> + <td>WLAN</td> + </tr> + <tr> + <td>CVE-2018-5852</td> + <td>A-70242505<a href="#asterisk">*</a><br /> + QC-CR#2169379</td> + <td>ID</td> + <td>Moderate</td> + <td>Ipa driver</td> + </tr> + <tr> + <td>CVE-2018-3579</td> + <td>A-72957564<br /> + <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c2ce7b9c46d24a30901a402f3d4892b905b7d8e8"> +QC-CR#2149720</a></td> + <td>ID</td> + <td>Moderate</td> + <td>WLAN</td> + </tr> +</table> + +<h2 id="functional-patches">Functional patches</h2> +<p> +These updates are included for affected Pixel devices to address functionality +issues not related to the security of Pixel devices. The table includes +associated references; the affected category, such as Bluetooth or mobile data; +and a summary of the issue. +</p> +<table> + <tr> + <th>References</th> + <th>Category</th> + <th>Improvements</th> + <th>Devices</th> + </tr> + <tr> + <td>A-68840121</td> + <td>Performance</td> + <td>Improve Multitouch Detection</td> + <td>All</td> + </tr> + <tr> + <td>A-72851087</td> + <td>Power</td> + <td>Adjust Pixel XL charging behavior</td> + <td>Pixel XL</td> + </tr> +</table> + +<h2 id="common-questions-and-answers">Common questions and answers</h2> +<p> +This section answers common questions that may occur after reading this +bulletin. +</p> +<p> +<strong>1. How do I determine if my device is updated to address these issues? +</strong> +</p> +<p> +Security patch levels of 2018-05-05 or later address all issues associated with +the 2018-05-05 security patch level and all previous patch levels. To learn how +to check a device's security patch level, read the instructions on the <a +href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel +and Nexus update schedule</a>. +</p> +<p id="type"> +<strong>2. What do the entries in the <em>Type</em> column mean?</strong> +</p> +<p> +Entries in the <em>Type</em> column of the vulnerability details table reference +the classification of the security vulnerability. +</p> +<table> + <col width="25%"> + <col width="75%"> + <tr> + <th>Abbreviation</th> + <th>Definition</th> + </tr> + <tr> + <td>RCE</td> + <td>Remote code execution</td> + </tr> + <tr> + <td>EoP</td> + <td>Elevation of privilege</td> + </tr> + <tr> + <td>ID</td> + <td>Information disclosure</td> + </tr> + <tr> + <td>DoS</td> + <td>Denial of service</td> + </tr> + <tr> + <td>N/A</td> + <td>Classification not available</td> + </tr> +</table> +<p> +<strong>3. What do the entries in the <em>References</em> column mean?</strong> +</p> +<p> +Entries under the <em>References</em> column of the vulnerability details table +may contain a prefix identifying the organization to which the reference value +belongs. +</p> +<table> + <col width="25%"> + <col width="75%"> + <tr> + <th>Prefix</th> + <th>Reference</th> + </tr> + <tr> + <td>A-</td> + <td>Android bug ID</td> + </tr> + <tr> + <td>QC-</td> + <td>Qualcomm reference number</td> + </tr> + <tr> + <td>M-</td> + <td>MediaTek reference number</td> + </tr> + <tr> + <td>N-</td> + <td>NVIDIA reference number</td> + </tr> + <tr> + <td>B-</td> + <td>Broadcom reference number</td> + </tr> +</table> +<p id="asterisk"> +<strong>4. What does a * next to the Android bug ID in the <em>References</em> +column mean?</strong> +</p> +<p> +Issues that are not publicly available have a * next to the Android bug ID in +the <em>References</em> column. The update for that issue is generally contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>. +</p> +<p> +<strong>5. Why are security vulnerabilities split between this bulletin and the +Android Security Bulletins?</strong> +</p> +<p> +Security vulnerabilities that are documented in the Android Security Bulletins +are required in order to declare the latest security patch level on Android +devices. Additional security vulnerabilities, such as those documented in this +bulletin are not required for declaring a security patch level. +</p> +<h2 id="versions">Versions</h2> +<table> + <col width="25%"> + <col width="25%"> + <col width="50%"> + <tr> + <th>Version</th> + <th>Date</th> + <th>Notes</th> + </tr> + <tr> + <td>1.0</td> + <td>May 7, 2018</td> + <td>Bulletin published.</td> + </tr> +</table> + + </body> +</html> diff --git a/en/security/bulletin/pixel/2018.html b/en/security/bulletin/pixel/2018.html index f4a08522..a2597f50 100644 --- a/en/security/bulletin/pixel/2018.html +++ b/en/security/bulletin/pixel/2018.html @@ -39,6 +39,21 @@ Bulletins</a> homepage.</p> <th>Security patch level</th> </tr> <tr> + <td><a href="/security/bulletin/pixel/2018-05-01.html">May 2018</a></td> + <td>Coming soon + <!-- + <a href="/security/bulletin/pixel/2018-05-01.html">English</a> / + <a href="/security/bulletin/pixel/2018-05-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2018-05-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2018-05-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-cn">中文 (中国)</a> / + <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-tw">中文 (台灣)</a> + --> + </td> + <td>May 7, 2018</td> + <td>2018-05-05</td> + </tr> + <tr> <td><a href="/security/bulletin/pixel/2018-04-01.html">April 2018</a></td> <td>Coming soon <!-- @@ -50,20 +65,20 @@ Bulletins</a> homepage.</p> <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-tw">中文 (台灣)</a> --> </td> - <td>April 2018</td> + <td>April 2, 2018</td> <td>2018-04-05</td> </tr> <tr> <td><a href="/security/bulletin/pixel/2018-03-01.html">March 2018</a></td> - <td>Coming soon - <!-- + <td> <a href="/security/bulletin/pixel/2018-03-01.html">English</a> / <a href="/security/bulletin/pixel/2018-03-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-03-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-03-01.html?hl=ru">ру́сский</a> / + <!-- <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-tw">中文 (台灣)</a> --> + <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-tw">中文 (台灣)</a> </td> <td>March 2018</td> <td>2018-03-05</td> diff --git a/en/security/bulletin/pixel/index.html b/en/security/bulletin/pixel/index.html index 95f1eafd..73e6d0f7 100644 --- a/en/security/bulletin/pixel/index.html +++ b/en/security/bulletin/pixel/index.html @@ -24,7 +24,7 @@ <p>This page contains the available Pixel / Nexus monthly bulletins. These bulletins supplement the -<a href="/security/bulletin">Android Security Bulletins</a> with +<a href="/security/bulletin">Android Security Bulletins</a> with additional security patches and functional improvements on Pixel and Nexus devices. These bulletins apply to <a href="https://support.google.com/nexus/answer/4457705">supported Pixel and @@ -59,6 +59,21 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <th>Security patch level</th> </tr> <tr> + <td><a href="/security/bulletin/pixel/2018-05-01.html">May 2018</a></td> + <td>Coming soon + <!-- + <a href="/security/bulletin/pixel/2018-05-01.html">English</a> / + <a href="/security/bulletin/pixel/2018-05-01.html?hl=ja">日本語</a> / + <a href="/security/bulletin/pixel/2018-05-01.html?hl=ko">한국어</a> / + <a href="/security/bulletin/pixel/2018-05-01.html?hl=ru">ру́сский</a> / + <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-cn">中文 (中国)</a> / + <a href="/security/bulletin/pixel/2018-05-01.html?hl=zh-tw">中文 (台灣)</a> + --> + </td> + <td>May 7, 2018</td> + <td>2018-05-05</td> + </tr> + <tr> <td><a href="/security/bulletin/pixel/2018-04-01.html">April 2018</a></td> <td>Coming soon <!-- @@ -70,20 +85,20 @@ AOSP 24–48 hours after the Pixel / Nexus bulletin is release <a href="/security/bulletin/pixel/2018-04-01.html?hl=zh-tw">中文 (台灣)</a> --> </td> - <td>April 2018</td> + <td>April 2, 2018</td> <td>2018-04-05</td> </tr> <tr> <td><a href="/security/bulletin/pixel/2018-03-01.html">March 2018</a></td> - <td>Coming soon - <!-- + <td> <a href="/security/bulletin/pixel/2018-03-01.html">English</a> / <a href="/security/bulletin/pixel/2018-03-01.html?hl=ja">日本語</a> / <a href="/security/bulletin/pixel/2018-03-01.html?hl=ko">한국어</a> / <a href="/security/bulletin/pixel/2018-03-01.html?hl=ru">ру́сский</a> / + <!-- <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-cn">中文 (中国)</a> / - <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-tw">中文 (台灣)</a> --> + <a href="/security/bulletin/pixel/2018-03-01.html?hl=zh-tw">中文 (台灣)</a> </td> <td>March 5, 2018</td> <td>2018-03-05</td> |