Samsung ha pubblicato l'elenco dell'aggiornamento Security Maintenance Release (SMR) per il mese di ottobre, che la società coreana inizierà a distribuire a partire dai prossimi giorni sugli smartphone più recenti.
L'elenco comprende 68 'Common Vulnerabilities and Exposures' (CVE), che riguardano sia il sistema operativo Android che alcune funzionalità Samsung. L'elenco per motivi di sicurezza omette i particolari sulle vulnerabilità scoperte e include anche una falla nel sistema di autenticazione tramite lettura della retina del nuovo
Galaxy Note 7.
SMR-OCT-2016
Samsung Mobile is releasing a maintenance release for major flagship models as part of monthly Security Maintenance Release (SMR) process.
This SMR package includes patches from Google and Samsung.
Google patches include patches up to Android Security Bulletin - October 2016 package.
The Bulletin (October 2016) contains the following CVE items:
CVE-2016-0848(H), CVE-2016-2061(H), CVE-2016-3748(H), CVE-2016-3762(M), CVE-2016-3768(C), CVE-2015-8816(C), CVE-2014-9790(H), CVE-2014-9800(H), CVE-2014-9801(H), CVE-2014-9786(H), CVE-2014-9782(H), CVE-2014-9795(C), CVE-2014-9799(H), CVE-2014-9803(H), CVE-2016-3813(M), CVE-2014-9798(M), CVE-2014-9864(H), CVE-2014-9866(H), CVE-2014-9867(H), CVE-2014-9868(H), CVE-2014-9870(H), CVE-2014-9871(H), CVE-2014-9888(H), CVE-2014-9889(H), CVE-2015-8937(H), CVE-2015-8941(H), CVE-2015-8943(H), CVE-2016-2544(H), CVE-2014-9904(H), CVE-2012-6701(H), CVE-2014-9892(H), CVE-2014-9895(H), CVE-2015-8944(H), CVE-2014-9903(H), CVE-2016-4482(H), CVE-2016-3862(C), CVE-2016-3825(H), CVE-2014-9529(C), CVE-2016-3134(C), CVE-2014-4655(H), CVE-2016-3858(H), CVE-2016-3866(H), CVE-2016-3867(H), CVE-2016-3874(H), CVE-2016-2471(H), CVE-2015-5364(H), CVE-2016-4998(M), CVE-2015-2922(M), CVE-2016-2469(H), CVE-2016-3908(H), CVE-2016-3909(H), CVE-2016-3910(H), CVE-2016-3913(H), CVE-2016-3911(H), CVE-2016-3914(H), CVE-2016-3915(H), CVE-2016-3916(H), CVE-2016-3917(H), CVE-2016-3918(H), CVE-2016-3882(H), CVE-2016-3919(H), CVE-2016-3920(H), CVE-2016-3921(M), CVE-2016-3922(M), CVE-2016-3885(M), CVE-2016-3924(M), CVE-2016-3925(M), and CVE-2016-5343(H).
* Severity : (C)-Critical, (H)-High, (M)-Moderate, (L)-Low
※ Please see Android Security Bulletin for detailed information on Google patches.
Along with Google patches, Samsung Mobile provides 7 Samsung Vulnerabilities and Exposures (SVE) items described below, in order to improve our customer's confidence on security of Samsung Mobile devices¹.
Some of the SVE items may not be included in this package, in case these items were already included in a previous maintenance release.
SVE-2016-6560: Qjpeg 3rd party library security issue patch
Severity: Medium
Affected versions: L(5.0/5.1), M(6.0)
Reported on: June 17, 2016
Disclosure status: Privately disclosed.
Vulnerability in Qjpeg decode function may result in system crash when a malformed image is passed from a 3rd party library.
The patch fixes the vulnerability by modifying the proper memory allocation.
SVE-2016-7011: Kernel Crash via fb0(DECON)
Severity: Medium
Affected versions: All devices which use Exynos AP chipset
Reported on: May 27, 2016
Disclosure status: Privately disclosed.
Vulnerability in frame buffer interface results in system crash accessed by a malicious graphics user.
The patch fixes the vulnerability by adding the proper implementation in frame buffer interface.
¹ Some SVE items included in the Samsung Android Security Update cannot be disclosed at this time.