10/5/16

Samsung Android Security Updates

SMR-OCT-2016


Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process.
This SMR package includes patches from Google and Samsung.

Google patches include patches up to Android Security Bulletin – October 2016 package.

The Bulletin (October 2016) contains the following CVE items:
CVE-2016-0848(H), CVE-2016-2061(H), CVE-2016-3748(H), CVE-2016-3762(M), CVE-2016-3768(C), CVE-2015-8816(C), CVE-2014-9790(H), CVE-2014-9800(H), CVE-2014-9801(H), CVE-2014-9786(H), CVE-2014-9782(H), CVE-2014-9795(C), CVE-2014-9799(H), CVE-2014-9803(H), CVE-2016-3813(M), CVE-2014-9798(M), CVE-2014-9864(H), CVE-2014-9866(H), CVE-2014-9867(H), CVE-2014-9868(H), CVE-2014-9870(H), CVE-2014-9871(H), CVE-2014-9888(H), CVE-2014-9889(H), CVE-2015-8937(H), CVE-2015-8941(H), CVE-2015-8943(H), CVE-2016-2544(H), CVE-2014-9904(H), CVE-2012-6701(H), CVE-2014-9892(H), CVE-2014-9895(H), CVE-2015-8944(H), CVE-2014-9903(H), CVE-2016-4482(H), CVE-2016-3862(C), CVE-2016-3825(H), CVE-2014-9529(C), CVE-2016-3134(C), CVE-2014-4655(H), CVE-2016-3858(H), CVE-2016-3866(H), CVE-2016-3867(H), CVE-2016-3874(H), CVE-2016-2471(H), CVE-2015-5364(H), CVE-2016-4998(M), CVE-2015-2922(M), CVE-2016-2469(H), CVE-2016-3908(H), CVE-2016-3909(H), CVE-2016-3910(H), CVE-2016-3913(H), CVE-2016-3911(H), CVE-2016-3914(H), CVE-2016-3915(H), CVE-2016-3916(H), CVE-2016-3917(H), CVE-2016-3918(H), CVE-2016-3882(H), CVE-2016-3919(H), CVE-2016-3920(H), CVE-2016-3921(M), CVE-2016-3922(M), CVE-2016-3885(M), CVE-2016-3924(M), CVE-2016-3925(M), and CVE-2016-5343(H).
* Severity : (C)-Critical,   (H)-High,   (M)-Moderate,   (L)-Low

※ Please see Android Security Bulletin for detailed information on Google patches.


Along with Google patches, Samsung Mobile provides 7 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer’s confidence on security of Samsung Mobile devices¹.
Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.


SVE-2016-6560: Qjpeg 3rd party library security issue patch

Severity: Medium
Affected versions: L(5.0/5.1), M(6.0)
Reported on: June 17, 2016
Disclosure status: Privately disclosed.
Vulnerability in Qjpeg decode function may result in system crash when a malformed image is passed from a 3rd party library.
The patch fixes the vulnerability by modifying the proper memory allocation.


SVE-2016-7011: Kernel Crash via fb0(DECON)

Severity: Medium
Affected versions: All devices which use Exynos AP chipset
Reported on: May 27, 2016
Disclosure status: Privately disclosed.
Vulnerability in frame buffer interface results in system crash accessed by a malicious graphics user.
The patch fixes the vulnerability by adding the proper implementation in frame buffer interface.


¹ Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.

0 comments:

Post a Comment