본문 바로가기

취약점 정보2

LG 모바일 안드로이드 2017년4월 업데이트 내역

728x90

LG Mobile Security Maintenance Release Summary (SMR)

The April Security Bulletin contains the 77 patches for the vulnerabilities from Google. The most severe of these vulnerabilities is that a remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. It also includes patches for the vulnerabilities. The security patch level is [2017-04-01] and and the patches contains modified codes about the 76 CVE and 1 LVE items.

Security issues Summary

CVE Items from Google patch (Android Bulletin April 2017)
  • critical: 
    CVE-2017-0538
    CVE-2017-0539
    CVE-2017-0540
    CVE-2017-0541
    CVE-2017-0542
    CVE-2017-0543
    CVE-2017-0500
    CVE-2017-0501
    CVE-2017-0502
    CVE-2017-0503
    CVE-2017-0504
    CVE-2017-0505
    CVE-2017-0506
    CVE-2017-0507
    CVE-2017-0508
    CVE-2017-0509
    CVE-2017-0510
    CVE-2016-8479
    CVE-2016-9806
    CVE-2016-10200
    CVE-2016-8484
    CVE-2016-8485
    CVE-2016-8486
    CVE-2016-8487
    CVE-2016-8488
  • high: 
    CVE-2017-0477
    CVE-2017-0544
    CVE-2017-0545
    CVE-2017-0546
    CVE-2016-0552
    CVE-2017-0547
    CVE-2017-0548
    CVE-2017-0549
    CVE-2017-0550
    CVE-2017-0551
    CVE-2017-0552
    CVE-2016-8655
    CVE-2016-9793
    CVE-2017-0516
    CVE-2017-0517
    CVE-2017-0457
    CVE-2017-0520
    CVE-2017-0458
    CVE-2017-0521
    CVE-2017-0453
    CVE-2017-0524
    CVE-2017-0525
    CVE-2017-0456
    CVE-2017-0463
    CVE-2017-0460
    CVE-2017-0528
    CVE-2016-5856
    CVE-2016-5857
    CVE-2014-8709
    CVE-2017-0529
    CVE-2017-0455
    CVE-2016-8483
    CVE-2016-8650
  • moderate: 
    CVE-2017-0553
    CVE-2017-0554
    CVE-2017-0555
    CVE-2017-0556
    CVE-2017-0557
    CVE-2017-0558
    CVE-2017-0559
    CVE-2017-0560
    CVE-2016-8417
    CVE-2017-0461
    CVE-2017-0459
    CVE-2017-0531
    CVE-2017-0532
    CVE-2016-8413
    CVE-2016-8477
    CVE-2017-0536
    CVE-2017-0537
  • low: 
    CVE-2017-0452
LG Vulnerabilities and Exposures(LVE) Items from LG
  • high: 
    LVE-SMP-170001

Security issues Details

You can see the detail information on Google patches from Android Security Bulletin site.There is a description of the security issue, a severity, affected devices information and date reported.

LVE-SMP-170001
  • Severity : High
  • Date reported : Feb 09, 2017
  • Affected device information : Android OS 5.0.2/5.1.1/6.0/6.0.1/7.0/7.1.1
  • Description : 
    Bad allocation calls in liblg_parser_mkv.so could result in memory corruption and potential remote-code-execution in the media-server process.
Acknowledgements
We would like to thank the following researchers for their contributions.
  • Mark Brand of Google Project Zero : LVE-SMP-170001


728x90