Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2017.0020 Android Security Bulletin-March 2017 8 March 2017 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Google Nexus devices Operating System: Android Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated Root Compromise -- Existing Account Increased Privileges -- Remote/Unauthenticated Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2017-0537 CVE-2017-0536 CVE-2017-0535 CVE-2017-0534 CVE-2017-0533 CVE-2017-0532 CVE-2017-0531 CVE-2017-0529 CVE-2017-0528 CVE-2017-0527 CVE-2017-0526 CVE-2017-0525 CVE-2017-0524 CVE-2017-0523 CVE-2017-0522 CVE-2017-0521 CVE-2017-0520 CVE-2017-0519 CVE-2017-0518 CVE-2017-0517 CVE-2017-0516 CVE-2017-0510 CVE-2017-0509 CVE-2017-0508 CVE-2017-0507 CVE-2017-0506 CVE-2017-0505 CVE-2017-0504 CVE-2017-0503 CVE-2017-0502 CVE-2017-0501 CVE-2017-0500 CVE-2017-0499 CVE-2017-0498 CVE-2017-0497 CVE-2017-0496 CVE-2017-0495 CVE-2017-0494 CVE-2017-0492 CVE-2017-0491 CVE-2017-0490 CVE-2017-0489 CVE-2017-0488 CVE-2017-0487 CVE-2017-0486 CVE-2017-0485 CVE-2017-0484 CVE-2017-0483 CVE-2017-0482 CVE-2017-0481 CVE-2017-0480 CVE-2017-0479 CVE-2017-0478 CVE-2017-0477 CVE-2017-0476 CVE-2017-0475 CVE-2017-0474 CVE-2017-0473 CVE-2017-0472 CVE-2017-0471 CVE-2017-0470 CVE-2017-0469 CVE-2017-0468 CVE-2017-0467 CVE-2017-0466 CVE-2017-0464 CVE-2017-0463 CVE-2017-0461 CVE-2017-0460 CVE-2017-0459 CVE-2017-0458 CVE-2017-0457 CVE-2017-0456 CVE-2017-0455 CVE-2017-0453 CVE-2017-0452 CVE-2017-0392 CVE-2017-0390 CVE-2017-0338 CVE-2017-0337 CVE-2017-0336 CVE-2017-0335 CVE-2017-0334 CVE-2017-0333 CVE-2017-0307 CVE-2017-0306 CVE-2016-10200 CVE-2016-9806 CVE-2016-9793 CVE-2016-8655 CVE-2016-8650 CVE-2016-8488 CVE-2016-8487 CVE-2016-8486 CVE-2016-8485 CVE-2016-8484 CVE-2016-8483 CVE-2016-8479 CVE-2016-8478 CVE-2016-8477 CVE-2016-8417 CVE-2016-8416 CVE-2016-8413 CVE-2016-5857 CVE-2016-5856 CVE-2016-2182 CVE-2014-8709 Member content until: Friday, April 7 2017 Reference: ASB-2017.0005 ASB-2017.0002 ASB-2017.0001 ESB-2015.1935 ESB-2015.0503 ESB-2015.0137 OVERVIEW Multiple vulnerabilities have been identified in Android prior to security patch level string 2017-03-05. [1] IMPACT The vendor has provided the following information: "017-03-01 security patch level-Vulnerability summary Security patch levels of 2017-03-01 or later must address the following issues. Issue CVE Severity Affects Google devices? Remote code execution vulnerability in OpenSSL & BoringSSL CVE-2016-2182 Critical Yes Remote code execution vulnerability in Mediaserver CVE-2017-0466, CVE-2017-0467, CVE-2017-0468, CVE-2017-0469, CVE-2017-0470, CVE-2017-0471, CVE-2017-0472, CVE-2017-0473, CVE-2017-0474 Critical Yes Elevation of privilege vulnerability in recovery verifier CVE-2017-0475 Critical Yes Remote code execution vulnerability in AOSP Messaging CVE-2017-0476 High Yes Remote code execution vulnerability in libgdx CVE-2017-0477 High Yes Remote code execution vulnerability in Framesequence library CVE-2017-0478 High Yes Elevation of privilege vulnerability in Audioserver CVE-2017-0479, CVE-2017-0480 High Yes Elevation of privilege vulnerability in NFC CVE-2017-0481 High Yes Denial of service vulnerability in Mediaserver CVE-2017-0482, CVE-2017-0483, CVE-2017-0484, CVE-2017-0485, CVE-2017-0486, CVE-2017-0487, CVE-2017-0488 High Yes Update: Denial of service vulnerability in Mediaserver CVE-2017-0390 High Yes Update: Denial of service vulnerability in Mediaserver CVE-2017-0392 High Yes Elevation of privilege vulnerability in Location Manager CVE-2017-0489 Moderate Yes Elevation of privilege vulnerability in Wi-Fi CVE-2017-0490 Moderate Yes Elevation of privilege vulnerability in Package Manager CVE-2017-0491 Moderate Yes Elevation of privilege vulnerability in System UI CVE-2017-0492 Moderate Yes Information disclosure vulnerability in AOSP Messaging CVE-2017-0494 Moderate Yes Information disclosure vulnerability in Mediaserver CVE-2017-0495 Moderate Yes Denial of service vulnerability in Setup Wizard CVE-2017-0496 Moderate Yes Denial of service vulnerability in Mediaserver CVE-2017-0497 Moderate Yes Denial of service vulnerability in Setup Wizard CVE-2017-0498 Moderate No* Denial of service vulnerability in Audioserver CVE-2017-0499 Low Yes * Supported Google devices on Android 7.0 or later that have installed all available updates are not affected by this vulnerability. 2017-03-05 security patch level—Vulnerability summary Security patch levels of 2017-03-05 or later must address all of the 2017-03-01 issues, as well as the following issues. Issue CVE Severity Affects Google devices? Elevation of privilege vulnerability in MediaTek components CVE-2017-0500, CVE-2017-0501, CVE-2017-0502, CVE-2017-0503, CVE-2017-0504, CVE-2017-0505, CVE-2017-0506 Critical No* Elevation of privilege vulnerability in NVIDIA GPU driver CVE-2017-0337, CVE-2017-0338, CVE-2017-0333, CVE-2017-0306, CVE-2017-0335 Critical Yes Elevation of privilege vulnerability in kernel ION subsystem CVE-2017-0507, CVE-2017-0508 Critical Yes Elevation of privilege vulnerability in Broadcom Wi-Fi driver CVE-2017-0509 Critical No* Elevation of privilege vulnerability in kernel FIQ debugger CVE-2017-0510 Critical Yes Elevation of privilege vulnerability in Qualcomm GPU driver CVE-2016-8479 Critical Yes Elevation of privilege vulnerability in kernel networking subsystem CVE-2016-9806, CVE-2016-10200 Critical Yes Vulnerabilities in Qualcomm components CVE-2016-8484, CVE-2016-8485, CVE-2016-8486, CVE-2016-8487, CVE-2016-8488 Critical No* Elevation of privilege vulnerability in kernel networking subsystem CVE-2016-8655, CVE-2016-9793 High Yes Elevation of privilege vulnerability in Qualcomm input hardware driver CVE-2017-0516 High Yes Elevation of privilege vulnerability in MediaTek Hardware Sensor Driver CVE-2017-0517 High No* Elevation of privilege vulnerability in Qualcomm ADSPRPC driver CVE-2017-0457 High Yes Elevation of privilege vulnerability in Qualcomm fingerprint sensor driver CVE-2017-0518, CVE-2017-0519 High Yes Elevation of privilege vulnerability in Qualcomm crypto engine driver CVE-2017-0520 High Yes Elevation of privilege vulnerability in Qualcomm camera driver CVE-2017-0458, CVE-2017-0521 High Yes Elevation of privilege vulnerability in MediaTek APK CVE-2017-0522 High No* Elevation of privilege vulnerability in Qualcomm Wi-Fi driver CVE-2017-0464, CVE-2017-0453, CVE-2017-0523 High Yes Elevation of privilege vulnerability in Synaptics touchscreen driver CVE-2017-0524 High Yes Elevation of privilege vulnerability in Qualcomm IPA driver CVE-2017-0456, CVE-2017-0525 High Yes Elevation of privilege vulnerability in HTC Sensor Hub Driver CVE-2017-0526, CVE-2017-0527 High Yes Elevation of privilege vulnerability in NVIDIA GPU driver CVE-2017-0307 High No* Elevation of privilege vulnerability in Qualcomm networking driver CVE-2017-0463, CVE-2017-0460 High Yes Elevation of privilege vulnerability in kernel security subsystem CVE-2017-0528 High Yes Elevation of privilege vulnerability in Qualcomm SPCom driver CVE-2016-5856, CVE-2016-5857 High No* Information disclosure vulnerability in kernel networking subsystem CVE-2014-8709 High Yes Information disclosure vulnerability in MediaTek driver CVE-2017-0529 High No* Information disclosure vulnerability in Qualcomm bootloader CVE-2017-0455 High Yes Information disclosure vulnerability in Qualcomm power driver CVE-2016-8483 High Yes Information disclosure vulnerability in NVIDIA GPU driver CVE-2017-0334, CVE-2017-0336 High Yes Denial of service vulnerability in kernel cryptographic subsystem CVE-2016-8650 High Yes Elevation of privilege vulnerability in Qualcomm camera driver (device specific) CVE-2016-8417 Moderate Yes Information disclosure vulnerability in Qualcomm Wi-Fi driver CVE-2017-0461, CVE-2017-0459, CVE-2017-0531 Moderate Yes Information disclosure vulnerability in MediaTek video codec driver CVE-2017-0532 Moderate No* Information disclosure vulnerability in Qualcomm video driver CVE-2017-0533, CVE-2017-0534, CVE-2016-8416, CVE-2016-8478 Moderate Yes Information disclosure vulnerability in Qualcomm camera driver CVE-2016-8413, CVE-2016-8477 Moderate Yes Information disclosure vulnerability in HTC sound codec driver CVE-2017-0535 Moderate Yes Information disclosure vulnerability in Synaptics touchscreen driver CVE-2017-0536 Moderate Yes Information disclosure vulnerability in kernel USB gadget driver CVE-2017-0537 Moderate Yes Information disclosure vulnerability in Qualcomm camera driver CVE-2017-0452 Low Yes * Supported Google devices on Android 7.0 or later that have installed all available updates are not affected by this vulnerability. [1] MITIGATION Google advises it has released over-the-air (OTA) updates for Nexus, and partner updates have been released to the Android Open Source Project (AOSP). Android users are advised to update to the latest versions to address these issues. [1] REFERENCES [1] Android Security Bulletin—March 2017 https://source.android.com/security/bulletin/2017-03-01.html AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBWL+XTox+lLeg9Ub1AQh9/Q/+JtBR2d4oSlzxcYW+0cyW4dGAdz6Ajh6Y 0rg7iclPNrLwd/ETGU81JFIdHXBcGtZyUgB6wK4U9tJQSOp+cRidh5bftQzVvslU 1HxWmMMZtEh442EtQMesvb1xP7L6Dsr7wwTd8Re77kmsfoXaLJY/atjbFhYSXBKJ eDyQnXGkjWq8Pjojbc8ssB8yaO3FheyrrUu9YHF1/mc7jOR6O1LjMGluKYVy37ob hwmBaovUkb9Y9GQXNblAuh/ZzHQSv42RT+N6Iedwq9UOdO29aINDvAJcrnwCkO0Y 9PCho5pxHWARaMbLqPkoK6s3hCHymflpoJqDVfFxEWDDiebeo0Q0iPWrA6hKKouk 2Jh5V8AyY5AFAxqG43X3JJm08QT4TaFBr5Sh1U/RKuxwAtkIykW3Lwznboi7n7O+ X/+E8+R+xr5LkPj5dKEGVcFrP8SWYzOfFj/vhdfBnI0iok+FZil0igEbLzAayVva fTStdPlKtGSZjQ3kmHyp+4oTSyDkxoIA0PKO3NP9wnjEweRWiqPFL7gCpd0GgjgA GZk5Gwv4YvBubNvTTU1iaemU9Xl0ET1U92ayu6rKPPb+uEzLWthUnXXC8KWMTWfR 1Ck80CmT/bLtjLqzo+FtKBGHNmE3v0W0C9CudPZ0ZCrb7WlruCxaPeTul7TTMV2X KkP2TKach0E= =RaJs -----END PGP SIGNATURE-----