Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2017.3214
December 2017 security updates for BlackBerry Powered by Android
18 December 2017
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: BlackBerry Powered by Android
Publisher: BlackBerry
Operating System: BlackBerry Device
Android
Impact/Access: Root Compromise -- Existing Account
Denial of Service -- Existing Account
Access Confidential Data -- Existing Account
Reduced Security -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2017-1000380 CVE-2017-14914 CVE-2017-14903
CVE-2017-14897 CVE-2017-13174 CVE-2017-13169
CVE-2017-13168 CVE-2017-13167 CVE-2017-13166
CVE-2017-13165 CVE-2017-13163 CVE-2017-13160
CVE-2017-13159 CVE-2017-13158 CVE-2017-13157
CVE-2017-13156 CVE-2017-13154 CVE-2017-13152
CVE-2017-13151 CVE-2017-13150 CVE-2017-13149
CVE-2017-13148 CVE-2017-11049 CVE-2017-11047
CVE-2017-11045 CVE-2017-11044 CVE-2017-11043
CVE-2017-11033 CVE-2017-11031 CVE-2017-11030
CVE-2017-11019 CVE-2017-11016 CVE-2017-9722
CVE-2017-9718 CVE-2017-9716 CVE-2017-9710
CVE-2017-9708 CVE-2017-9703 CVE-2017-9700
CVE-2017-9698 CVE-2017-8244 CVE-2017-7533
CVE-2017-0880 CVE-2017-0879 CVE-2017-0874
CVE-2017-0873 CVE-2017-0872 CVE-2017-0870
CVE-2017-0837 CVE-2017-0807 CVE-2017-0564
Reference: ASB-2017.0032
Original Bulletin:
http://support.blackberry.com/kb/articleDetail?articleNumber=000047154
- --------------------------BEGIN INCLUDED TEXT--------------------
BlackBerry Powered by Android Security Bulletin - December 2017
Article Number: 000047154 First Published: December 15, 2017 Last
Modified: December 15, 2017 Type: Security Bulletin
Purpose of this Bulletin
BlackBerry has released a security update to address multiple vulnerabilities
in BlackBerry powered by Android smartphones. We recommend users update to the
latest available software build.
BlackBerry releases security bulletins to notify users of its Android
smartphones about available security fixes; see BlackBerry.com/bbsirt for a
complete list of monthly bulletins. This advisory is in response to the Android
Security Bulletin (December 2017) and addresses issues in that bulletin that
affect BlackBerry powered by Android smartphones.
Vulnerabilities Fixed in this Update
The following vulnerabilities have been remediated in this update:
Summary CVE
Elevation of Privilege in Framework CVE-2017-0807
Elevation of Privilege in Framework CVE-2017-0870
Remote Code Execution in Media Framework CVE-2017-0872
Remote Code Execution in Media Framework CVE-2017-13151
Elevation of Privilege in Media Framework CVE-2017-0837
Elevation of Privilege in Media Framework CVE-2017-13154
Denial of Service in Media Framework CVE-2017-0873
Denial of Service in Media Framework CVE-2017-0874
Denial of Service in Media Framework CVE-2017-0880
Denial of Service in Media Framework CVE-2017-13148
Remote Code Execution in System CVE-2017-13160
Elevation of Privilege in System CVE-2017-13156
Information Disclosure in System CVE-2017-13157
Information Disclosure in System CVE-2017-13158
Information Disclosure in System CVE-2017-13159
Elevation of Privilege in Kernel ION CVE-2017-0564
Elevation of Privilege in Kernel File Handling CVE-2017-7533
Elevation of Privilege in Kernel EDL CVE-2017-13174
Elevation of Privilege in Kernel Sound Timer CVE-2017-13167
Remote Code Execution in Qualcomm WLAN CVE-2017-11043
Elevation of Privilege in Qualcomm Qbt1000 Driver CVE-2017-9716
Elevation of Privilege in Qualcomm RPMB Driver CVE-2017-14897
Vulnerability in Qualcomm Storage CVE-2017-14914
Denial of Service in Media Framework CVE-2017-0879
Denial of Service in Media Framework CVE-2017-13149
Denial of Service in Media Framework CVE-2017-13150
Information Disclosure in Media Framework CVE-2017-13152
Elevation of Privilege in Kernel MTP USB Driver CVE-2017-13163
Elevation of Privilege in Kernel File System CVE-2017-13165
Elevation of Privilege in Kernel V4L2 Video Driver CVE-2017-13166
Elevation of Privilege in Kernel Sound Timer Driver CVE-2017-1000380
Elevation of Privilege in Kernel SCSI Driver CVE-2017-13168
Information Disclosure in Kernel Camera Server CVE-2017-13169
Elevation of Privilege in Qualcomm Kernel CVE-2017-9708
Elevation of Privilege in Qualcomm Display CVE-2017-11030
Elevation of Privilege in Qualcomm Video Driver CVE-2017-9703
Elevation of Privilege in Qualcomm Debugfs Driver CVE-2017-8244
Elevation of Privilege in Qualcomm Kernel CVE-2017-9718
Elevation of Privilege in Qualcomm Graphics CVE-2017-9698
Elevation of Privilege in Qualcomm Audio CVE-2017-9700
Elevation of Privilege in Qualcomm Display CVE-2017-9722
Elevation of Privilege in Qualcomm Display CVE-2017-11049
Elevation of Privilege in Qualcomm Display CVE-2017-11047
Elevation of Privilege in Qualcomm Graphics CVE-2017-11044
Elevation of Privilege in Qualcomm Camera CVE-2017-11045
Elevation of Privilege in Qualcomm Data HLOS CVE-2017-9710
Elevation of Privilege in Qualcomm Display CVE-2017-11019
Elevation of Privilege in Qualcomm Audio CVE-2017-11016
Elevation of Privilege in Qualcomm Kernel CVE-2017-11033
Information Disclosure in Qualcomm WLAN CVE-2017-14903
Information Disclosure in Qualcomm Display CVE-2017-11031
Available Updates
BlackBerry is making an updated software version available for BlackBerry
powered by Android smartphones that have been purchased from ShopBlackBerry.com
. Updated software builds may also be available from other retailers or
carriers, dependent on their deployment schedules.
To identify an up to date software build, navigate to the Settings>About Phone
menu. Look for the following Android security patch level:
* December 1, 2017 or later or later
If your BlackBerry powered by Android smartphone does not have an up-to-date
software build available, please contact your retailer or carrier directly for
security maintenance release availability information.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBWjdCfox+lLeg9Ub1AQj3phAAqqobqWHSP/Pv2aiA2N+fgguoNLEqm9gv
K0de5KT0btITAji1sRZ2DN49G6Ehmc1GsfyZopf/Xv+A9WW+c9moVMfdTbk+PJto
pqTcA6EcxiuLuCYh/gQA7HUzN/YUtkPu8e9h+M2JDiD/gxOJNB2aVz1dgW/gB+K4
Uyv1jGiDEdFabRbbM9lubWD3VX9GPtw08o42HSMBJbkQRz9G1Dygb2QDKNyVHk5X
ZkBsYq5+OaGgIxyFGEPee2pqPSv67onctgpN/SYS6MY7sUMjo6s5Oi775THteB+U
AtFCyZSOBoqFjQ2RHk7YqpYKloEsMjcxkgL4pMlRN6riUy1YUjuqHa1Gfj4+D61+
J3ZxYc7kj3KX/mXHfMjrS0rmkT3oYONbkikNDGCK6yffpMCyP8m+GqF2HVdE0zJn
6QU5KlUBjQfRTfJbBoUjqQWybey4rGvJpgoDR6OiMEpnQ8J8PVJNx+0Pc+UCwDDx
ptGuiUBvNSUaKQidRSoLlyAZF519fzYSLCHyDZtmI4GoGHzROssqkVS+c54Krtun
Us0nJoBOnnQB1QYCpN9Z7UX5bqoOKNhPV4ZUlIA7gZ94+YTjT1ecMhrwnaQIKLaX
AB2XD1PM9qM/w88pRLCpSapwwQWTwGA8/VzrYq+0/a7tGydONypkJLa6En8YIytm
VuppQp1BtzU=
=pIjG
-----END PGP SIGNATURE-----