diff options
Diffstat (limited to 'en/security/bulletin/2017-10-01.html')
| -rw-r--r-- | en/security/bulletin/2017-10-01.html | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/en/security/bulletin/2017-10-01.html b/en/security/bulletin/2017-10-01.html index 6ca5f4f6..dce1e591 100644 --- a/en/security/bulletin/2017-10-01.html +++ b/en/security/bulletin/2017-10-01.html @@ -20,7 +20,7 @@ See the License for the specific language governing permissions and limitations under the License. --> - <p><em>Published October 2, 2017</em></p> +<p><em>Published October 2, 2017 | Updated October 3, 2017</em></p> <p>The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of October 05, 2017 or later @@ -29,9 +29,9 @@ level, see <a href="https://support.google.com/pixelphone/answer/4457705#pixel_p Check & update your Android version</a>.</p> <p>Android partners are notified of all issues at least a month before -publication. Source code patches for these issues will be released -to the Android Open Source Project (AOSP) repository in the next 48 hours. -We will revise this bulletin with the AOSP links when they are available.</p> +publication. Source code patches for these issues have been released to the +Android Open Source Project (AOSP) repository and linked from this bulletin. +This bulletin also includes links to patches outside of AOSP.</p> <p>The most severe of these issues is a critical severity vulnerability in media framework that could enable a remote attacker using a specially crafted file to @@ -121,7 +121,7 @@ additional permissions.</p> </tr> <tr> <td>CVE-2017-0806</td> - <td>A-62998805</td> + <td><a href="https://android.googlesource.com/platform/frameworks/base/+/b87c968e5a41a1a09166199bf54eee12608f3900">A-62998805</a></td> <td>EoP</td> <td>High</td> <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> @@ -148,42 +148,42 @@ a privileged process.</p> </tr> <tr> <td>CVE-2017-0809</td> - <td>A-62673128</td> + <td><a href="https://android.googlesource.com/platform/frameworks/av/+/552a3b5df2a6876d10da20f72e4cc0d44ac2c790">A-62673128</a></td> <td>RCE</td> <td>Critical</td> <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> </tr> <tr> <td>CVE-2017-0810</td> - <td>A-38207066</td> + <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/7737780815fe523ad7b0e49456eb75d27a30818a">A-38207066</a></td> <td>RCE</td> <td>Critical</td> <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> </tr> <tr> <td>CVE-2017-0811</td> - <td>A-37930177</td> + <td><a href="https://android.googlesource.com/platform/external/libhevc/+/25c0ffbe6a181b4a373c3c9b421ea449d457e6ed">A-37930177</a></td> <td>RCE</td> <td>Critical</td> <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> </tr> <tr> <td>CVE-2017-0812</td> - <td>A-62873231</td> + <td><a href="https://android.googlesource.com/device/google/dragon/+/7df7ec13b1d222ac3a66797fbe432605ea8f973f">A-62873231</a></td> <td>EoP</td> <td>High</td> <td>7.0, 7.1.1, 7.1.2, 8.0</td> </tr> <tr> <td>CVE-2017-0815</td> - <td>A-63526567</td> + <td><a href="https://android.googlesource.com/platform/frameworks/av/+/f490fc335772a9b14e78997486f4a572b0594c04">A-63526567</a></td> <td>ID</td> <td>Moderate</td> <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> </tr> <tr> <td>CVE-2017-0816</td> - <td>A-63662938</td> + <td><a href="https://android.googlesource.com/platform/frameworks/av/+/f490fc335772a9b14e78997486f4a572b0594c04">A-63662938</a></td> <td>ID</td> <td>Moderate</td> <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> @@ -210,7 +210,8 @@ process.</p> </tr> <tr> <td>CVE-2017-14496</td> - <td>A-64575136</td> + <td><a href="https://android.googlesource.com/platform/external/dnsmasq/+/ff755ca73c98a1f2706fe86996e4bf6215054834">A-64575136</a> + [<a href="https://android.googlesource.com/platform/external/dnsmasq/+/68a974de72b5091ce608815a349daaeb05cdeab5">2</a>]</td> <td>RCE</td> <td>High</td> <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> @@ -502,6 +503,11 @@ Acknowledgements</a> page.</p> <td>October 2, 2017</td> <td>Bulletin published.</td> </tr> + <tr> + <td>1.1</td> + <td>October 3, 2017</td> + <td>Bulletin revised to include AOSP links.</td> + </tr> </table> </body> </html> |