728x90
LG Mobile Security Maintenance Release Summary (SMR)
The April Security Bulletin contains the 77 patches for the vulnerabilities from Google. The most severe of these vulnerabilities is that a remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. It also includes patches for the vulnerabilities. The security patch level is [2017-04-01] and and the patches contains modified codes about the 76 CVE and 1 LVE items.
Security issues Summary
CVE Items from Google patch (Android Bulletin April 2017)
- critical: CVE-2017-0538,CVE-2017-0539,CVE-2017-0540,CVE-2017-0541,CVE-2017-0542,CVE-2017-0543,CVE-2017-0500,CVE-2017-0501,CVE-2017-0502,CVE-2017-0503,CVE-2017-0504,CVE-2017-0505,CVE-2017-0506,CVE-2017-0507,CVE-2017-0508,CVE-2017-0509,CVE-2017-0510,CVE-2016-8479,CVE-2016-9806,CVE-2016-10200,CVE-2016-8484,CVE-2016-8485,CVE-2016-8486,CVE-2016-8487,CVE-2016-8488
- high: CVE-2017-0477,CVE-2017-0544,CVE-2017-0545,CVE-2017-0546,CVE-2016-0552,CVE-2017-0547,CVE-2017-0548,CVE-2017-0549,CVE-2017-0550,CVE-2017-0551,CVE-2017-0552,CVE-2016-8655,CVE-2016-9793,CVE-2017-0516,CVE-2017-0517,CVE-2017-0457,CVE-2017-0520,CVE-2017-0458,CVE-2017-0521,CVE-2017-0453,CVE-2017-0524,CVE-2017-0525,CVE-2017-0456,CVE-2017-0463,CVE-2017-0460,CVE-2017-0528,CVE-2016-5856,CVE-2016-5857,CVE-2014-8709,CVE-2017-0529,CVE-2017-0455,CVE-2016-8483,CVE-2016-8650
- moderate: CVE-2017-0553,CVE-2017-0554,CVE-2017-0555,CVE-2017-0556,CVE-2017-0557,CVE-2017-0558,CVE-2017-0559,CVE-2017-0560,CVE-2016-8417,CVE-2017-0461,CVE-2017-0459,CVE-2017-0531,CVE-2017-0532,CVE-2016-8413,CVE-2016-8477,CVE-2017-0536,CVE-2017-0537
- low: CVE-2017-0452
LG Vulnerabilities and Exposures(LVE) Items from LG
- high: LVE-SMP-170001
Security issues Details
You can see the detail information on Google patches from Android Security Bulletin site.There is a description of the security issue, a severity, affected devices information and date reported.
LVE-SMP-170001- Severity : High
- Date reported : Feb 09, 2017
- Affected device information : Android OS 5.0.2/5.1.1/6.0/6.0.1/7.0/7.1.1
- Description :
Bad allocation calls in liblg_parser_mkv.so could result in memory corruption and potential remote-code-execution in the media-server process.
Acknowledgements
We would like to thank the following researchers for their contributions.
We would like to thank the following researchers for their contributions.
- Mark Brand of Google Project Zero : LVE-SMP-170001
728x90
'취약점 정보2' 카테고리의 다른 글
MS 4월 보안 위협에 따른 정기 보안 업데이트 권고 (0) | 2017.04.12 |
---|---|
MS 2017-04월 정기 업데이트 (0) | 2017.04.12 |
삼성 모바일 2017년 4월 업데이트 내역 (0) | 2017.04.10 |
iptime 제품 펌웨어 업데이트 (0) | 2017.04.05 |
Apple(iOS) 보안 업데이트 권고 (0) | 2017.04.04 |