Ni las Elecciones Nacionales en Estados Unidos son persuasivo para que Google emitiera su debido boletín de seguridad para Android, correspondiente al mes de Noviembre y aquí las novedades.
Como es la costumbre, la siguiente es la lista de las mejoras de seguridad que Google ha emitido en Android para el mes de Noviembre y el mismo incluye 14 fallos críticos, 23 de alta prioridad y 10 como situaciones moderadas.
Lista de vulnerabilidades corregidas efectivo en 11/01/2016
| Issue | CVE | Severity | Affects Google devices? |
|---|---|---|---|
| Remote code execution vulnerability in Mediaserver | CVE-2016-6699 | Critical | Yes |
| Elevation of privilege vulnerability in libzipfile | CVE-2016-6700 | Critical | No* |
| Remote code execution vulnerability in Skia | CVE-2016-6701 | High | Yes |
| Remote code execution vulnerability in libjpeg | CVE-2016-6702 | High | No* |
| Remote code execution vulnerability in Android runtime | CVE-2016-6703 | High | No* |
| Elevation of privilege vulnerability in Mediaserver | CVE-2016-6704, CVE-2016-6705, CVE-2016-6706 | High | Yes |
| Elevation of privilege vulnerability in System Server | CVE-2016-6707 | High | Yes |
| Elevation of privilege vulnerability in System UI | CVE-2016-6708 | High | Yes |
| Information disclosure vulnerability in Conscrypt and BoringSSL | CVE-2016-6709 | High | Yes |
| Information disclosure vulnerability in download manager | CVE-2016-6710 | High | Yes |
| Denial of service vulnerability in Bluetooth | CVE-2014-9908 | High | No* |
| Denial of service vulnerability in OpenJDK | CVE-2015-0410 | High | Yes |
| Denial of service vulnerability in Mediaserver | CVE-2016-6711, CVE-2016-6712, CVE-2016-6713, CVE-2016-6714 | High | Yes |
| Elevation of privilege vulnerability in Framework APIs | CVE-2016-6715 | Moderate | Yes |
| Elevation of privilege vulnerability in AOSP Launcher | CVE-2016-6716 | Moderate | Yes |
| Elevation of privilege vulnerability in Mediaserver | CVE-2016-6717 | Moderate | Yes |
| Elevation of privilege vulnerability in Account Manager Service | CVE-2016-6718 | Moderate | Yes |
| Elevation of privilege vulnerability in Bluetooth | CVE-2016-6719 | Moderate | Yes |
| Information disclosure vulnerability in Mediaserver | CVE-2016-6720, CVE-2016-6721, CVE-2016-6722 | Moderate | Yes |
| Denial of service vulnerability in Proxy Auto Config | CVE-2016-6723 | Moderate | Yes |
| Denial of service vulnerability in Input Manager Service | CVE-2016-6724 | Moderate | Yes |
Lista de vulnerabilidades corregidas efectivo en 11/01/2016
| Issue | CVE | Severity | Affects Google devices? |
|---|---|---|---|
| Remote code execution vulnerability in Qualcomm crypto driver | CVE-2016-6725 | Critical | Yes |
| Elevation of privilege vulnerability in kernel file system | CVE-2015-8961, CVE-2016-7910, CVE-2016-7911 | Critical | Yes |
| Elevation of privilege vulnerability in kernel SCSI driver | CVE-2015-8962 | Critical | Yes |
| Elevation of privilege vulnerability in kernel media driver | CVE-2016-7913 | Critical | Yes |
| Elevation of privilege vulnerability in kernel USB driver | CVE-2016-7912 | Critical | Yes |
| Elevation of privilege vulnerability in kernel ION subsystem | CVE-2016-6728 | Critical | Yes |
| Elevation of privilege vulnerability in Qualcomm bootloader | CVE-2016-6729 | Critical | Yes |
| Elevation of privilege vulnerability in NVIDIA GPU driver | CVE-2016-6730, CVE-2016-6731, CVE-2016-6732, CVE-2016-6733, CVE-2016-6734, CVE-2016-6735, CVE-2016-6736 | Critical | Yes |
| Elevation of privilege vulnerability in kernel networking subsystem | CVE-2016-6828 | Critical | Yes |
| Elevation of privilege vulnerability in kernel sound subsystem | CVE-2016-2184 | Critical | Yes |
| Elevation of privilege vulnerability in kernel ION subsystem | CVE-2016-6737 | Critical | Yes |
| Vulnerabilities in Qualcomm components | CVE-2016-6726, CVE-2016-6727 | Critical | Yes |
| Remote code execution vulnerability in Expat | CVE-2016-0718, CVE-2012-6702, CVE-2016-5300, CVE-2015-1283 | High | No* |
| Remote code execution vulnerability in Webview | CVE-2016-6754 | High | No* |
| Remote code execution vulnerability in Freetype | CVE-2014-9675 | High | No* |
| Elevation of privilege vulnerability in kernel performance subsystem | CVE-2015-8963 | High | Yes |
| Elevation of privilege vulnerability in kernel system-call auditing subsystem | CVE-2016-6136 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm crypto engine driver | CVE-2016-6738 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm camera driver | CVE-2016-6739, CVE-2016-6740, CVE-2016-6741 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm bus driver | CVE-2016-3904 | High | Yes |
| Elevation of privilege vulnerability in Synaptics touchscreen driver | CVE-2016-6742, CVE-2016-6744, CVE-2016-6745, CVE-2016-6743 | High | Yes |
| Information disclosure vulnerability in kernel components | CVE-2015-8964, CVE-2016-7914, CVE-2016-7915, CVE-2016-7916 | High | Yes |
| Information disclosure vulnerability in NVIDIA GPU driver | CVE-2016-6746 | High | Yes |
| Denial of service vulnerability in Mediaserver | CVE-2016-6747 | High | Yes |
| Information disclosure vulnerability in kernel components | CVE-2016-6753, CVE-2016-7917 | Moderate | Yes |
| Information disclosure vulnerability in Qualcomm components | CVE-2016-6748, CVE-2016-6749, CVE-2016-6750, CVE-2016-3906, CVE-2016-3907, CVE-2016-6698, CVE-2016-6751, CVE-2016-6752 | Moderate | Yes |
Sorpresivamente, se emitió una mejorar suplementar que entró en vigencia para el día de ayer y responde a un error de elevación de privilegio a nivel del kernel de Linux.
Se espera que ya proximame4nte los equipos Google Nexus, Pixel, Google Nexus Player y socios que siguen consistentemente los boletines actualicen durante el día sus imágenes de Android correspondientes.
