-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2016.0103
         Multiple vulnerabilities have been identified in Android
                              9 November 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Nexus devices
Operating System:     Android
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Increased Privileges            -- Remote with User Interaction
                      Denial of Service               -- Remote/Unauthenticated      
                      Access Confidential Data        -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2016-7917 CVE-2016-7916 CVE-2016-7915
                      CVE-2016-7914 CVE-2016-7913 CVE-2016-7912
                      CVE-2016-7911 CVE-2016-7910 CVE-2016-6828
                      CVE-2016-6754 CVE-2016-6753 CVE-2016-6752
                      CVE-2016-6751 CVE-2016-6750 CVE-2016-6749
                      CVE-2016-6748 CVE-2016-6747 CVE-2016-6746
                      CVE-2016-6745 CVE-2016-6744 CVE-2016-6743
                      CVE-2016-6742 CVE-2016-6738 CVE-2016-6737
                      CVE-2016-6736 CVE-2016-6735 CVE-2016-6734
                      CVE-2016-6733 CVE-2016-6732 CVE-2016-6731
                      CVE-2016-6730 CVE-2016-6729 CVE-2016-6728
                      CVE-2016-6727 CVE-2016-6726 CVE-2016-6725
                      CVE-2016-6724 CVE-2016-6723 CVE-2016-6722
                      CVE-2016-6721 CVE-2016-6720 CVE-2016-6719
                      CVE-2016-6718 CVE-2016-6717 CVE-2016-6716
                      CVE-2016-6715 CVE-2016-6714 CVE-2016-6713
                      CVE-2016-6712 CVE-2016-6711 CVE-2016-6710
                      CVE-2016-6709 CVE-2016-6708 CVE-2016-6707
                      CVE-2016-6706 CVE-2016-6705 CVE-2016-6704
                      CVE-2016-6703 CVE-2016-6702 CVE-2016-6701
                      CVE-2016-6700 CVE-2016-6699 CVE-2016-6698
                      CVE-2016-6136 CVE-2016-5300 CVE-2016-5195
                      CVE-2016-3907 CVE-2016-3906 CVE-2016-3904
                      CVE-2016-2184 CVE-2016-0718 CVE-2015-8964
                      CVE-2015-8963 CVE-2015-8962 CVE-2015-8961
                      CVE-2015-1283 CVE-2015-0410 CVE-2014-9908
                      CVE-2014-9675 CVE-2012-6702 
Member content until: Friday, December  9 2016
Reference:            ASB-2016.0081
                      ASB-2016.0075
                      ESB-2015.0146

OVERVIEW

        Multiple vulnerabilities have been identified in Android prior to 
        Security patch levels of November 06, 2016. [1]


IMPACT

        The vendor has provided the following information:
        
        "2016-11-01 security patch level—Vulnerability summary
        
        Security patch levels of 2016-11-01 or later must address the 
        following issues.
        
        Issue 								CVE 								Severity 	Affects Google devices?
        Remote code execution vulnerability in Mediaserver 		CVE-2016-6699 							Critical 	Yes
        Elevation of privilege vulnerability in libzipfile 		CVE-2016-6700 							Critical 	No*
        Remote code execution vulnerability in Skia 			CVE-2016-6701 							High 		Yes
        Remote code execution vulnerability in libjpeg 			CVE-2016-6702 							High 		No*
        Remote code execution vulnerability in Android runtime 		CVE-2016-6703 							High 		No*
        Elevation of privilege vulnerability in Mediaserver 		CVE-2016-6704, CVE-2016-6705, CVE-2016-6706 			High 		Yes
        Elevation of privilege vulnerability in System Server 		CVE-2016-6707							High 		Yes
        Elevation of privilege vulnerability in System UI 		CVE-2016-6708 							High	 	Yes
        Information disclosure vulnerability in Conscrypt 		CVE-2016-6709 							High 		Yes
        Information disclosure vulnerability in download manager 	CVE-2016-6710 							High 		Yes
        Denial of service vulnerability in Bluetooth 			CVE-2014-9908 							High 		No*
        Denial of service vulnerability in OpenJDK		 	CVE-2015-0410 							High 		Yes
        Denial of service vulnerability in Mediaserver 			CVE-2016-6711, CVE-2016-6712, CVE-2016-6713, CVE-2016-6714 	High 		Yes
        Elevation of privilege vulnerability in Framework APIs 		CVE-2016-6715 							Moderate 	Yes
        Elevation of privilege vulnerability in AOSP Launcher 		CVE-2016-6716 							Moderate 	Yes
        Elevation of privilege vulnerability in Mediaserver 		CVE-2016-6717 							Moderate 	Yes
        Elevation of privilege vulnerability in Account Manager Service CVE-2016-6718 							Moderate 	Yes
        Elevation of privilege vulnerability in Bluetooth 		CVE-2016-6719 							Moderate 	Yes
        Information disclosure vulnerability in Mediaserver 		CVE-2016-6720, CVE-2016-6721, CVE-2016-6722 			Moderate 	Yes
        Denial of service vulnerability in Proxy Auto Config 		CVE-2016-6723 							Moderate 	Yes
        Denial of service vulnerability in Input Manager Service 	CVE-2016-6724 							Moderate 	Yes
        
        * Supported Google devices on Android 7.0 or later that have installed
        all available updates are not affected by this vulnerability.
        
        2016-11-05 security patch level—Vulnerability summary
        
        Security patch levels of 2016-11-05 or later must address all of the
        2016-11-01 issues, as well as the following issues.
        
        Issue								 		CVE 																Severity 	Affects Google devices?
        Remote code execution vulnerability in Qualcomm crypto driver 			CVE-2016-6725 															Critical 	Yes
        Elevation of privilege vulnerability in kernel file system 			CVE-2015-8961, CVE-2016-7910, CVE-2016-7911 											Critical 	Yes
        Elevation of privilege vulnerability in kernel SCSI driver 			CVE-2015-8962 															Critical 	Yes
        Elevation of privilege vulnerability in kernel media driver 			CVE-2016-7913 															Critical 	Yes
        Elevation of privilege vulnerability in kernel USB driver 			CVE-2016-7912 															Critical 	Yes
        Elevation of privilege vulnerability in kernel ION subsystem 			CVE-2016-6728 															Critical 	Yes
        Elevation of privilege vulnerability in Qualcomm bootloader 			CVE-2016-6729 															Critical 	Yes
        Elevation of privilege vulnerability in NVIDIA GPU driver 			CVE-2016-6730, CVE-2016-6731, CVE-2016-6732, CVE-2016-6733, CVE-2016-6734, CVE-2016-6735, CVE-2016-6736 			Critical 	Yes
        Elevation of privilege vulnerability in kernel networking subsystem 		CVE-2016-6828 															Critical 	Yes
        Elevation of privilege vulnerability in kernel sound subsystem 			CVE-2016-2184 															Critical 	Yes
        Elevation of privilege vulnerability in kernel ION subsystem 			CVE-2016-6737 															Critical 	Yes
        Vulnerabilities in Qualcomm components 						CVE-2016-6726, CVE-2016-6727 													Critical 	Yes
        Remote code execution vulnerability in Expat 					CVE-2016-0718, CVE-2012-6702, CVE-2016-5300, CVE-2015-1283 									High 		No*
        Remote code execution vulnerability in Webview 					CVE-2016-6754 															High 		No*
        Remote code execution vulnerability in Freetype 				CVE-2014-9675 															High 		No*
        Elevation of privilege vulnerability in kernel performance subsystem 		CVE-2015-8963 															High 		Yes
        Elevation of privilege vulnerability in kernel system-call auditing subsystem 	CVE-2016-6136 															High 		Yes
        Elevation of privilege vulnerability in Qualcomm crypto engine driver 		CVE-2016-6738 															High 		Yes
        Elevation of privilege vulnerability in Qualcomm bus driver 			CVE-2016-3904 															High 		Yes
        Elevation of privilege vulnerability in Synaptics touchscreen driver 		CVE-2016-6742, CVE-2016-6744, CVE-2016-6745, CVE-2016-6743 									High 		Yes
        Information disclosure vulnerability in kernel components 			CVE-2015-8964, CVE-2016-7914, CVE-2016-7915, CVE-2016-7916 									High 		Yes
        Information disclosure vulnerability in NVIDIA GPU driver 			CVE-2016-6746 															High 		Yes
        Denial of service vulnerability in Mediaserver 					CVE-2016-6747 															High 		Yes
        Information disclosure vulnerability in kernel components 			CVE-2016-6753, CVE-2016-7917 													Moderate 	Yes
        Information disclosure vulnerability in Qualcomm components 			CVE-2016-6748, CVE-2016-6749, CVE-2016-6750, CVE-2016-3906, CVE-2016-3907, CVE-2016-6698, CVE-2016-6751, CVE-2016-6752 		Moderate 	Yes
        
        * Supported Google devices on Android 7.0 or later that have installed 
        all available updates are not affected by this vulnerability.
        
        2016-11-06 security patch level—Vulnerability summary
        
        Security patch levels of 2016-11-06 or later must address all of the 2016-11-05 and 2016-11-01 issues, as well as the following issues.
        Issue 									CVE 		Severity 	Affects Google devices?
        Elevation of privilege vulnerability in kernel memory subsystem 	CVE-2016-5195 	Critical 	Yes" [1]


MITIGATION

        Google advises it has released over-the-air (OTA) updates for Nexus,
        and partner updates have been released to the Android Open
        Source Project (AOSP). Android users are advised to update to the 
        latest versions to address these issues. [1]


REFERENCES

        [1] Android Security Bulletin—November 2016
            https://source.android.com/security/bulletin/2016-11-01.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBWCKKoIx+lLeg9Ub1AQgNIA/+NdmLS71QUcxS5pFcZpciNvNB9QmxCe6L
XfSbW7Qzhvc8Iv9iYMYjRkwTjCKbXCyCkWIs4B8pnW4QJUcVj0YEZTGc9l+Vglk3
aPGGNQ5uvAqVUoUjXOCHSQGv9/KZTIAsmRs8IwdoP5w+QW4PqSRFgmZA75V2pnKJ
Aq8QzobYbdd4esMWmI7vDP7A7QWNl19dwjEthDEq9W6Xe6HSfM0PKRZfT2pbKTwg
qq6pJA44ZxSJslYHQbNK/rkaRz3o8x/XaMF3eKv4YwX+agWjV+BfUC73P3htbblj
IU9ZykqqvIH8m7bYvppXICqZD/ThBkMmzjuPJG1uPMOcHgkLsXr39Bxkg7CGJKXV
BJeNkOTm4KHhuHOBzW53Acm1O4ggjUqMlnD0A2HiMDOcKjNoNWwjj82abbBF7Oie
lyDfvIz5qDqFkss5WMtfKWs52Jht8qrLIFdKg5hh7tLsVcTdDohEdWcvc1ILbNHF
ODvETX5pg4oOUkZMuatE9anN/PrveVMJsv49oDp5SBHuDeb4KlOx9sW8WgFMgOdy
F9RMwoEypDkeP811qbN0P29K44DfHFNZ+UUg7EcpjuvTukGHRxCLJHSaKDOKAjBJ
Bl3BqxnSHSa6+0Q0vKuXAPPq/HbC9srGUZgXBINi990jvK/PgTjBVBV3MIN8Oh87
F+akbD0wlFE=
=qXKi
-----END PGP SIGNATURE-----