BerryLink
分享 热爱 坚持

黑莓发布搭载Android系统BlackBerry手机安全公告-2017年8月

黑莓官方发布2017年8月份搭载Android系统BlackBerry手机(KEYone/PRIV/DTEK)安全公告,更新可解决之前Android系统存在已知系统漏洞,黑莓官方已从8月5号开始在全球分批次向Android系统黑莓手机推送系统更新推送升级提示,用户在收到更新后在WIFI环境下OTA更新即可。

更新升级包除修复已知系统安全漏洞外还对系统内部分功能进行了改进优化。

此次更新中修复的漏洞
以下漏洞在本更新中得到了修复:

Summary/摘要 Description/说明 CVE/漏洞编号
Elevation of Privilege in WiFi In the Wi-Fi service, a copy into a stack structure is not checked for length before the operation is performed. CVE-2017-0712
Remote Code Execution in Sfntly In the sfntly library used by libskia, a malformed font file could achieve privilege escalation due to an out-of-bounds read and probable write. CVE-2017-0713
Remote Code Execution in Mediaserver There is a missing bounds check in the GetMBHeader() function of the h263 decoder, that could lead to a heap memory overflow. Exploitation of this by a malicious MP4 file could lead to memory corruption and code execution in a privileged process. CVE-2017-0714
Remote Code Execution in Mediaserver In decoder/ih264d_utils.c in ih264d_allocate_dynamic_bufs (of libavc), there is an out-of-bounds write issue, which could lead to remote arbitrary code execution. CVE-2017-0715
Remote Code Execution in Mediaserver In decoder/impeg2d_vld.c in impeg2d_vld_decode (of libmpeg2), a missing bounds check can cause a head buffer overflow that could lead to remote arbitrary code execution in privileged process. CVE-2017-0716
Remote Code Execution in Mediaserver In the mpeg2 decoder, reading a different vertical slice than the one at the current decode position could result in an invalid calculation of the amount of data remaining. CVE-2017-0718
Remote Code Execution in Mediaserver In the mpeg2 decoder, an invalid picture structure could cause an out-of-bounds write, which could lead to memory corruption and code execution in a privileged process. CVE-2017-0719
Remote Code Execution in Mediaserver In decoder/ihevcd_parse_slice.c (of libhevc) a potential memory corruption could occur leading to remote arbitrary code execution. CVE-2017-0720
Remote Code Execution in Mediaserver In decoder/impeg2d_dec_hdr.c in impeg2d_dec_seq_hdr (of libmpeg2), there is no check for a 0 value of u2_width or u2_height. Parsing a malicious media file could lead to a clip dimension change which could lead to an out-of-bounds write leading to a remote arbitrary code execution. CVE-2017-0721
Remote Code Execution in Mediaserver In the h263 decoder, a malformed mpeg4 file could lead to an out-of-bounds write in a privileged process due to a size mismatch between the frame header and the frame body. CVE-2017-0722
Remote Code Execution in Mediaserver In decoder/ih264d_format_conv.c in ih264d_fmt_conv_420sp_to_420sp (of libavc), a heap buffer overflow could occur due to an unchecked num_rows in the memcpy, which could lead to remote arbitrary code execution in privileged process. CVE-2017-0723
Remote Code Execution in Mediaserver In m4v_h263/dec/src/vop.cpp in DecodeShortHeader (of libstagefright), there is no check that the height and width are less than the total video size. CVE-2017-0745
Denial of Service in Mediaserver In decoder/impeg2d_dec_hdr.c in impeg2d_dec_seq_hdr (of libmpeg2), there is no check for a 0 value of u2_width or u2_height. CVE-2017-0724
Denial of Service in Mediaserver In libstagefright/MPEG4Extractor.cpp in MPEG4Extractor::parseMetaData (of libstagefright) a memory leak could lead to resouRemote Code Execution exhaustion which could lead to a remote temporary denial of service. CVE-2017-0726
Denial of Service in Mediaserver In the hevc software decoder, a malformed mpeg4 file could result in a null pointer dereference. CVE-2017-0728
Elevation of Privilege in MediaDrmServer There is a possible integer overflow in the clearkey plugin for the MediaDrmServer process. CVE-2017-0729
Denial of Service in Mediaserver In the h264 decoder, a malformed mpeg4 file could cause a crash. CVE-2017-0730
Elevation of Privilege in Mediaserver In the mpeg4 encoder, an app could set a zero width or height parameter causing a bad allocation, but change the width or height later. When the encoder is cleaned up, the wrong address is freed, which could to memory corruption and code execution. CVE-2017-0731
Elevation of Privilege in Mediaserver There is a vulnerability in mediaserver where an application could cause a hang in a mediaserver thread creating a graphics buffer. Another thread attempting to use that buffer could cause the reference count to be decremented and the buffer freed. When the creating thread resumes, it uses the buffer that has already been freed, which could lead to memory corruption and code execution. CVE-2017-0732
Denial of Service in Mediaserver In NuPlayerDecoder (of libmediaplayerservice), when processing bad input data, a CHECK abort could lead to a remote temporary denial of service. CVE-2017-0733
Denial of Service in Mediaserver In decoder/ih264d_dpb_mgr.c in ih264d_delete_st_node_or_make_lt (of libavc), a null pointer dereference could lead to a remote temporary denial of service. CVE-2017-0734
Denial of Service in Mediaserver In decoder/ih264d_parse_headers.c in ih264d_parse_sps (of libavc) a crafted media could cause an infinite loop due to improper input validation when changing resolutions which could lead to a remote temporary denial of service. CVE-2017-0735
Denial of Service in Mediaserver In decoder/ih264d_parse_headers.c in ih264d_parse_nal_unit (of libavc) a crafted media could lead to an infinite loop due to missing input validation which could lead to a remote temporary denial of service. CVE-2017-0736
Denial of Service in Mediaserver In decoder/ih264d_parse_headers.c in ih264d_parse_sps (of libavc), improper input validation could lead to remote temporary denial of service when the media stream changes resolution. CVE-2017-0687
Elevation of Privilege in Mediaserver In libgui.so, a missing bounds check could lead to an arbitrary write in a privileged process which could lead to an elevation of privilege. CVE-2017-0737
Information Disclosure in Mediaserver Inside audioserver the parameters of equalizer Effect_command is not properly checked and could cause an out-of-bounds read leading to information disclosure. CVE-2017-0738
Information Disclosure in Mediaserver In decoder/ihevcd_nal.c in ihevcd_nal_remv_emuln_bytes (of libhevc), an out-of-bounds read could lead to information disclosure. CVE-2017-0739
Remote Code Execution in Broadcom WiFi After the patch for CVE-2016-0802 (ANDROID-25306181), if a device had updated the kernel but not the bcm4354 firmware, there were still possible out-of-bounds memory writes if the chip sent a ETHER_TYPE_BRCM packet to the host with a malformed length. CVE-2017-0740
Elevation of Privilege in Kernel File System Unvalidated input parameters In the F2FS module could allow for kernel memory corruption, which could result in arbitrary code execution in the TCB. CVE-2017-0750
Elevation of Privilege in Kernel In msm/kernel/trace/trace.c, there is insufficient locking when accessing savedcmd that could result in a use after free, leading to escalation of privilege. CVE-2017-0749
Elevation of Privilege in Qualcomm IPA Driver An integer overflow in the reference counter variables in the ipa driver could cause a potential use after free leading to elevation of privilege. CVE-2017-0746
Elevation of Privilege Elevation of Privilege in Qualcomm Component The qseecomd process has CAP_SYS_ADMIN and CAP_NET_RAW capabilities which are not necessary. CVE-2017-0747
Elevation of Privilege Elevation of Privilege in Qualcomm Video Driver In the /dev/graphics/fb0 driver when running a 32-bit kernel, there is an out-of-bounds write that could lead to escalation of privilege. CVE-2017-9678
Elevation of Privilege Elevation of Privilege in Qualcomm MobiCore Driver Reading from /sys/kernel/debug/trustonic_tee/info, on devices where it exists, could lead to an escalation of privilege, due to insufficient locking. CVE-2017-9691
Elevation of Privilege in Qualcomm USB Driver In rndis_qc_bind_config_vendor and related functions, access to the _rndis_qc variable is not protected by a lock. There is a possible use after free vulnerability that could lead to escalation of privilege. CVE-2017-9684
Information Disclosure in Qualcomm GPU Driver There is an improper locking causing use after free issue in kgsl device which could lead to information disclosure. CVE-2017-9682
Information Disclosure in Qualcomm SoC Driver In the qbt1000 driver, a user space string is copied into local buffer without ensuring that it is properly NULL terminated. CVE-2017-9679
Information Disclosure in Qualcomm SoC Driver Uninitialized variables in the qbt1000 driver could lead to information disclosure. CVE-2017-9680
Information Disclosure in Qualcomm Audio Driver In the audio driver, a missing return value check together with an uninitialized local variable could lead to information disclosure. CVE-2017-0748
Information Disclosure in Qualcomm Radio Driver The function iris_vidioc_s_ext_ctrls directly dereferences a user-passed pointer as a string, which could lead to information disclosure. CVE-2017-9681
Information Disclosure in Qualcomm Networking Driver In __wlan_hdd_change_station, the length of params->ext_capab has insufficient checks, which could lead to information disclosure due to an out-of-bounds read. CVE-2017-9693
Information Disclosure in Qualcomm Networking Driver In __wlan_hdd_cfg80211_extscan_set_bssid_hotlist, the policy used to enfoRemote Code Execution the size of the attributes for nla_parse does not include an entry for QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE, which could lead to a possible out-of-bounds read and information disclosure. CVE-2017-9694
Elevation of Privilege in Qualcomm QCE Driver Multiple IOCTLs within the QCE driver use a non-validated field provided by the user. CVE-2017-0751

黑莓官方是全球手机品牌厂商中为数不多能够及时提供系统漏洞更新与补丁的商家,GOOGLE在最新的Android安全报告中特别提到黑莓是能够保障用户安全的厂商,黑莓除了每月定期的更新外,还会在Android系统存在中大安全漏洞时第一时间为用户提供系统补丁,保障用户的使用安全。

赞(0)
请遵循网络共享条款,保留原作者与链接:黑莓手机爱好者 » 黑莓发布搭载Android系统BlackBerry手机安全公告-2017年8月
分享到: 更多 (0)

评论 抢沙发

评论前必须登录!

 

BerryLink专注BlackBerry的开放式平台,邀您加入

加入我们团队成员