Docs: December 2015 security bulletin
Bug: 25931435
Change-Id: Ic9e7555e6f28da58bd865aa8317f1334270d45d2
diff --git a/src/security/bulletin/2015-12-01.jd b/src/security/bulletin/2015-12-01.jd
new file mode 100644
index 0000000..d089353
--- /dev/null
+++ b/src/security/bulletin/2015-12-01.jd
@@ -0,0 +1,670 @@
+page.title=Nexus Security Bulletin - December 2015
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<p><em>Published December 07, 2015</em></p>
+
+<p>We have released a security update to Nexus devices through an over-the-air
+(OTA) update as part of our Android Security Bulletin Monthly Release process.
+The Nexus firmware images have also been released to the <a href="https://developers.google.com/android/nexus/images">Google Developer site</a>. Builds LMY48Z or later and Android Marshmallow with Security Patch Level of
+December 1, 2015 or later address these issues. Refer to the <a href="#common_questions_and_answers">Common Questions and Answers</a> section for more details.</p>
+
+<p>Partners were notified about and provided updates for these issues on November
+2, 2015 or earlier. Source code patches for these issues will be released to
+the Android Open Source Project (AOSP) repository over the next 48 hours. We
+will revise this bulletin with the AOSP links when they are available.</p>
+
+<p>The most severe of these issues is a Critical security vulnerability that could
+enable remote code execution on an affected device through multiple methods
+such as email, web browsing, and MMS when processing media files.</p>
+
+<p>We have had no reports of active customer exploitation of these newly reported
+issues. Refer to the <a href="#mitigations">Mitigations</a> section for details on the <a href="{@docRoot}security/enhancements/index.html">Android security platform protections</a> and service protections such as SafetyNet, which improve the security of the
+Android platform. We encourage all customers to accept these updates to their
+devices.</p>
+
+<h2 id="security_vulnerability_summary">Security Vulnerability Summary</h2>
+
+<p>The table below contains a list of security vulnerabilities, the Common
+Vulnerability and Exposures ID (CVE), and their assessed severity. The <a href="{@docRoot}security/overview/updates-resources.html#severity">severity assessment</a> is based on the effect that exploiting the vulnerability would have on an
+affected device, assuming the platform and service mitigations are disabled for
+development purposes or if successfully bypassed.</p>
+<table>
+ <tr>
+ <th>Issue</th>
+ <th>CVE</th>
+ <th>Severity</th>
+ </tr>
+ <tr>
+ <td>Remote Code Execution Vulnerability in Mediaserver</td>
+ <td>CVE-2015-6616</td>
+ <td>Critical</td>
+ </tr>
+ <tr>
+ <td>Remote Code Execution Vulnerability in Skia</td>
+ <td>CVE-2015-6617</td>
+ <td>Critical</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege in Kernel</td>
+ <td>CVE-2015-6619</td>
+ <td>Critical</td>
+ </tr>
+ <tr>
+ <td>Remote Code Execution Vulnerabilities in Display Driver</td>
+ <td>CVE-2015-6633<br>
+ CVE-2015-6634</td>
+ <td>Critical</td>
+ </tr>
+ <tr>
+ <td>Remote Code Execution Vulnerability in Bluetooth</td>
+ <td>CVE-2015-6618</td>
+ <td>High</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerabilities in libstagefright</td>
+ <td>CVE-2015-6620 </td>
+ <td>High</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in SystemUI</td>
+ <td>CVE-2015-6621</td>
+ <td>High</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Native Frameworks Library</td>
+ <td>CVE-2015-6622</td>
+ <td>High</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Wi-Fi</td>
+ <td>CVE-2015-6623</td>
+ <td>High</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in System Server</td>
+ <td>CVE-2015-6624</td>
+ <td>High</td>
+ </tr>
+ <tr>
+ <td>Information Disclosure Vulnerabilities in libstagefright</td>
+ <td>CVE-2015-6626<br>
+ CVE-2015-6631<br>
+ CVE-2015-6632</td>
+ <td>High</td>
+ </tr>
+ <tr>
+ <td>Information Disclosure Vulnerability in Audio</td>
+ <td>CVE-2015-6627</td>
+ <td>High</td>
+ </tr>
+ <tr>
+ <td>Information Disclosure Vulnerability in Media Framework</td>
+ <td>CVE-2015-6628</td>
+ <td>High</td>
+ </tr>
+ <tr>
+ <td>Information Disclosure Vulnerability in Wi-Fi</td>
+ <td>CVE-2015-6629</td>
+ <td>High</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in System Server</td>
+ <td>CVE-2015-6625</td>
+ <td>Moderate</td>
+ </tr>
+ <tr>
+ <td>Information Disclosure Vulnerability in SystemUI</td>
+ <td>CVE-2015-6630</td>
+ <td>Moderate</td>
+ </tr>
+</table>
+
+
+<p>The <a href="{@docRoot}security/overview/updates-resources.html#severity">severity assessment</a> is based on the effect that exploiting the vulnerability would have on an
+affected device, assuming the platform and service mitigations are disabled for
+development purposes or if successfully bypassed.</p>
+
+<h2 id="mitigations">Mitigations</h2>
+
+
+<p>This is a summary of the mitigations provided by the <a href="{@docRoot}security/enhancements/index.html">Android security platform</a> and service protections such as SafetyNet. These capabilities reduce the
+likelihood that security vulnerabilities could be successfully exploited on
+Android.</p>
+
+<ul>
+ <li> Exploitation for many issues on Android is made more difficult by enhancements
+in newer versions of the Android platform. We encourage all users to update to
+the latest version of Android where possible.</li>
+ <li> The Android Security team is actively monitoring for abuse with Verify Apps and
+SafetyNet which will warn about potentially harmful applications about to be
+installed. Device rooting tools are prohibited within Google Play. To protect
+users who install applications from outside of Google Play, Verify Apps is
+enabled by default and will warn users about known rooting applications. Verify
+Apps attempts to identify and block installation of known malicious
+applications that exploit a privilege escalation vulnerability. If such an
+application has already been installed, Verify Apps will notify the user and
+attempt to remove any such applications.</li>
+ <li> As appropriate, Google Hangouts and Messenger applications do not automatically
+pass media to processes such as mediaserver.</li>
+</ul>
+
+<h2 id="acknowledgements">Acknowledgements</h2>
+
+<p>We would like to thank these researchers for their contributions:</p>
+
+<ul>
+ <li> Abhishek Arya, Oliver Chang, and Martin Barbella of Google Chrome Security
+Team: CVE-2015-6616, CVE-2015-6617, CVE-2015-6623, CVE-2015-6626,
+CVE-2015-6619, CVE-2015-6633, CVE-2015-6634
+ <li> Flanker (<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>) of <a href="http://k33nteam.org/">KeenTeam</a> (<a href="https://twitter.com/k33nteam">@K33nTeam</a>): CVE-2015-6620
+ <li> Guang Gong (龚广) (<a href="https://twitter.com/oldfresher">@oldfresher</a>, higongguang@gmail.com) of <a href="http://www.360.cn">Qihoo 360 Technology Co.Ltd</a>: CVE-2015-6626
+ <li> Mark Carter (<a href="https://twitter.com/hanpingchinese">@hanpingchinese</a>) of EmberMitre Ltd: CVE-2015-6630
+ <li> Michał Bednarski (<a href="https://github.com/michalbednarski">https://github.com/michalbednarski</a>): CVE-2015-6621
+ <li> Natalie Silvanovich of Google Project Zero: CVE-2015-6616
+ <li> Peter Pi of Trend Micro: CVE-2015-6616, CVE-2015-6628
+ <li> Qidan He (<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>) and Marco Grassi (<a href="https://twitter.com/marcograss">@marcograss</a>) of <a href="http://k33nteam.org/">KeenTeam</a> (<a href="https://twitter.com/k33nteam">@K33nTeam</a>): CVE-2015-6622
+ <li> Tzu-Yin (Nina) Tai: CVE-2015-6627
+</ul>
+
+<h2 id="security_vulnerability_details">Security Vulnerability Details</h2>
+
+<p>In the sections below, we provide details for each of the security
+vulnerabilities listed in the <a href="#security_vulnerability_summary">Security Vulnerability Summary</a> above. There is a description of the issue, a severity rationale, and a table
+with the CVE, associated bug, severity, affected versions, and date reported.
+When available, we will link the AOSP commit that addressed the issue to the
+bug ID. When multiple changes relate to a single bug, additional AOSP
+references are linked to numbers following the bug ID.</p>
+
+<h3 id="remote_code_execution_vulnerabilities_in_mediaserver">Remote Code Execution Vulnerabilities in Mediaserver</h3>
+
+
+<p>During media file and data processing of a specially crafted file,
+vulnerabilities in mediaserver could allow an attacker to cause memory
+corruption and remote code execution as the mediaserver process.</p>
+
+<p>The affected functionality is provided as a core part of the operating system
+and there are multiple applications that allow it to be reached with remote
+content, most notably MMS and browser playback of media.</p>
+
+<p>This issue is rated as a Critical severity due to the possibility of remote
+code execution within the context of the mediaserver service. The mediaserver
+service has access to audio and video streams as well as access to privileges
+that third-party apps cannot normally access.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Affected versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td rowspan="5">CVE-2015-6616</td>
+ <td>ANDROID-24630158</td>
+ <td>Critical</td>
+ <td>6.0 and below</td>
+ <td>Google Internal</td>
+ </tr>
+ <tr>
+ <td>ANDROID-23882800</td>
+ <td>Critical</td>
+ <td>6.0 and below</td>
+ <td>Google Internal</td>
+ </tr>
+ <tr>
+ <td>ANDROID-17769851</td>
+ <td>Critical</td>
+ <td>5.1 and below</td>
+ <td>Google Internal</td>
+ </tr>
+ <tr>
+ <td>ANDROID-24441553</td>
+ <td>Critical</td>
+ <td>6.0 and below</td>
+ <td>Sep 22, 2015</td>
+ </tr>
+ <tr>
+ <td>ANDROID-24157524</td>
+ <td>Critical</td>
+ <td>6.0</td>
+ <td>Sep 08, 2015</td>
+ </tr>
+</table>
+
+<h3 id="remote_code_execution_vulnerability_in_skia">Remote Code Execution Vulnerability in Skia</h3>
+
+<p>A vulnerability in the Skia component may be leveraged when processing a
+specially crafted media file, that could lead to memory corruption and remote
+code execution in a privileged process. This issue is rated as a Critical
+severity due to the possibility of remote code execution through multiple
+attack methods such as email, web browsing, and MMS when processing media
+files.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Affected versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6617</td>
+ <td>ANDROID-23648740</td>
+ <td>Critical</td>
+ <td>6.0 and below</td>
+ <td>Google internal</td>
+ </tr>
+</table>
+
+<h3 id="elevation_of_privilege_in_kernel">Elevation of Privilege in Kernel</h3>
+
+<p>An elevation of privilege vulnerability in the system kernel could enable a
+local malicious application to execute arbitrary code within the device root
+context. This issue is rated as a Critical severity due to the possibility of a
+local permanent device compromise and the device could only be repaired by
+re-flashing the operating system.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Affected versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6619</td>
+ <td>ANDROID-23520714</td>
+ <td>Critical</td>
+ <td>6.0 and below</td>
+ <td>Jun 7, 2015</td>
+ </tr>
+</table>
+
+<h3 id="remote_code_execution_vulnerabilities_in_display_driver">
+Remote Code Execution Vulnerabilities in Display Driver</h3>
+
+<p>There are vulnerabilities in the display drivers that, when processing a media
+file, could cause memory corruption and potential arbitrary code execution in
+the context of the user mode driver loaded by mediaserver. This issue is rated
+as a Critical severity due to the possibility of remote code execution through
+multiple attack methods such as email, web browsing, and MMS when processing
+media files.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Affected versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6633</td>
+ <td>ANDROID-23987307</td>
+ <td>Critical</td>
+ <td>6.0 and below</td>
+ <td>Google Internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-6634</td>
+ <td>ANDROID-24163261</td>
+ <td>Critical</td>
+ <td>5.1 and below</td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+
+<h3 id="remote_code_execution_vulnerability_in_bluetooth">Remote Code Execution Vulnerability in Bluetooth</h3>
+
+<p>A vulnerability in Android's Bluetooth component could allow remote code
+execution. However multiple manual steps are required before this could occur.
+In order to do this it would require a successfully paired device, after the
+personal area network (PAN) profile is enabled (for example using Bluetooth
+Tethering) and the device is paired. The remote code execution would be at the
+privilege of the Bluetooth service. A device is only vulnerable to this issue
+from a successfully paired device while in local proximity.</p>
+
+<p>This issue is rated as High severity because an attacker could remotely execute
+arbitrary code only after multiple manual steps are taken and from a locally
+proximate attacker that had previously been allowed to pair a device.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Affected versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6618</td>
+ <td>ANDROID-24595992 </td>
+ <td>High</td>
+ <td>4.4, 5.0, and 5.1</td>
+ <td>Sep 28, 2015</td>
+ </tr>
+</table>
+
+
+<h3 id="elevation_of_privilege_vulnerabilities_in_libstagefright">
+Elevation of Privilege Vulnerabilities in libstagefright</h3>
+
+<p>There are multiple vulnerabilities in libstagefright that could enable a local
+malicious application to execute arbitrary code within the context of the
+mediaserver service. This issue is rated as High severity because it could be
+used to gain elevated capabilities, such as <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> permissions privileges, which are not accessible to a third-party
+applications.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Affected versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2015-6620</td>
+ <td>ANDROID-24123723 </td>
+ <td>High</td>
+ <td>6.0 and below</td>
+ <td>Sep 10, 2015</td>
+ </tr>
+ <tr>
+ <td>ANDROID-24445127</td>
+ <td>High</td>
+ <td>6.0 and below</td>
+ <td>Sep 2, 2015</td>
+ </tr>
+</table>
+
+<h3 id="elevation_of_privilege_vulnerability_in_systemui">
+Elevation of Privilege Vulnerability in SystemUI</h3>
+
+<p>When setting an alarm using the clock application, a vulnerability in the
+SystemUI component could allow an application to execute a task at an elevated
+privilege level. This issue is rated as High severity because it could be used
+to gain elevated capabilities, such as <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> permissions privileges, which are not accessible to a third-party
+applications.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Affected versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6621</td>
+ <td>ANDROID-23909438</td>
+ <td>High</td>
+ <td>5.0, 5.1, and 6.0</td>
+ <td>Sep 7, 2015</td>
+ </tr>
+</table>
+
+<h3 id="information_disclosure_vulnerability_in_native_frameworks_library">Information Disclosure Vulnerability in Native Frameworks Library</h3>
+
+<p>An information disclosure vulnerability in Android Native Frameworks Library
+could permit a bypass of security measures in place to increase the difficulty
+of attackers exploiting the platform. These issues are rated as High severity
+because they could also be used to gain elevated capabilities, such as <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> permissions privileges, which are not accessible to third-party applications.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Affected versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6622</td>
+ <td>ANDROID-23905002</td>
+ <td>High</td>
+ <td>6.0 and below</td>
+ <td>Sep 7, 2015</td>
+ </tr>
+</table>
+
+<h3 id="elevation_of_privilege_vulnerability_in_wi-fi">Elevation of Privilege Vulnerability in Wi-Fi</h3>
+
+<p>An elevation of privilege vulnerability in Wi-Fi could enable a local malicious
+application to execute arbitrary code within the context of an elevated system
+service. This issue is rated as High severity because it could be used to gain
+elevated capabilities, such as <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> permissions privileges, which are not accessible to a third-party application.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Affected versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6623</td>
+ <td>ANDROID-24872703 </td>
+ <td>High</td>
+ <td>6.0</td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+
+<h3 id="elevation_of_privilege_vulnerability_in_system_server">Elevation of Privilege Vulnerability in System Server</h3>
+
+
+<p>An elevation of privilege vulnerability in the System Server component could
+enable a local malicious application to gain access to service related
+information. This issue is rated as High severity because it could be used to
+gain elevated capabilities, such as <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> permissions privileges, which are not accessible to third-party applications.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Affected versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6624</td>
+ <td>ANDROID-23999740</td>
+ <td>High</td>
+ <td>6.0</td>
+ <td>Google internal</td>
+ </tr>
+</table>
+
+
+<h3 id="information_disclosure_vulnerabilities_in_libstagefright">
+Information Disclosure Vulnerabilities in libstagefright</h3>
+
+<p>There are information disclosure vulnerabilities in libstagefright that during
+communication with mediaserver, could permit a bypass of security measures in
+place to increase the difficulty of attackers exploiting the platform. These
+issues are rated as High severity because they could also be used to gain
+elevated capabilities, such as <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> permissions privileges, which are not accessible to third-party applications.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Affected versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6632</td>
+ <td>ANDROID-24346430</td>
+ <td>High</td>
+ <td>6.0 and below</td>
+ <td>Google Internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-6626</td>
+ <td>ANDROID-24310423</td>
+ <td>High</td>
+ <td>6.0 and below</td>
+ <td>Sep 2, 2015</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-6631</td>
+ <td>ANDROID-24623447</td>
+ <td>High</td>
+ <td>6.0 and below</td>
+ <td>Aug 21, 2015</td>
+ </tr>
+</table>
+
+<h3 id="information_disclosure_vulnerability_in_audio">Information Disclosure Vulnerability in Audio</h3>
+
+<p>A vulnerability in the Audio component could be exploited during audio file
+processing. This vulnerability could allow a local malicious application,
+during processing of a specially crafted file, to cause information disclosure.
+This issue is rated as High severity because it could be used to gain elevated
+capabilities, such as <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> permissions privileges, which are not accessible to third-party applications.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Affected versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6627</td>
+ <td>ANDROID-24211743 </td>
+ <td>High</td>
+ <td>6.0 and below</td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+<h3 id="information_disclosure_vulnerability_in_media_framework">Information Disclosure Vulnerability in Media Framework</h3>
+
+<p>There is an information disclosure vulnerability in Media Framework that during
+communication with mediaserver, could permit a bypass of security measures in
+place to increase the difficulty of attackers exploiting the platform. This
+issue is rated as High severity because it could also be used to gain elevated
+capabilities, such as <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> permissions privileges, which are not accessible to third-party applications.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Affected versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6628</td>
+ <td>ANDROID-24074485</td>
+ <td>High</td>
+ <td>6.0 and below</td>
+ <td>Sep 8, 2015</td>
+ </tr>
+</table>
+
+<h3 id="information_disclosure_vulnerability_in_wi-fi">Information Disclosure Vulnerability in Wi-Fi</h3>
+
+<p>A vulnerability in the Wi-Fi component could allow an attacker to cause the
+Wi-Fi service to disclose information. This issue is rated as High severity
+because it could be used to gain elevated capabilities, such as <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> permissions privileges, which are not accessible to a third-party
+applications.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Affected versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6629</td>
+ <td>ANDROID-22667667</td>
+ <td>High</td>
+ <td>5.1 and 5.0</td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+<h3 id="elevation_of_privilege_vulnerability_in_system_server19">Elevation of Privilege Vulnerability in System Server</h3>
+
+
+<p>An elevation of privilege vulnerability in the System Server could enable a
+local malicious application to gain access to Wi-Fi service related
+information. This issue is rated as Moderate severity because it could be used
+to improperly gain “<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">dangerous</a>” permissions.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Affected versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6625</td>
+ <td>ANDROID-23936840</td>
+ <td>Moderate</td>
+ <td>6.0</td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+<h3 id="information_disclosure_vulnerability_in_systemui">Information Disclosure Vulnerability in SystemUI</h3>
+
+<p>An information disclosure vulnerability in the SystemUI could enable a local
+malicious application to gain access to screenshots. This issue is rated as
+Moderate severity because it could be used to improperly gain “<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">dangerous</a>” permissions.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Affected versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6630</td>
+ <td>ANDROID-19121797</td>
+ <td>Moderate</td>
+ <td>5.0, 5.1, and 6.0</td>
+ <td>Jan 22, 2015</td>
+ </tr>
+</table>
+
+<h3 id="common_questions_and_answers">Common Questions and Answers</h3>
+
+<p>This section will review answers to common questions that may occur after
+reading this bulletin.</p>
+
+<p><strong>1. How do I determine if my device is updated to address these issues?</strong></p>
+
+<p>Builds LMY48Z or later and Android Marshmallow with Security Patch Level of
+December 1, 2015 or later address these issues. Refer to the <a href="https://support.google.com/nexus/answer/4457705">Nexus documentation</a> for instructions on how to check the security patch level. Device
+manufacturers that include these updates should set the patch string level to:
+[ro.build.version.security_patch]:[2015-12-01]</p>
+
+<h2 id="revisions">Revisions</h2>
+<ul>
+ <li> December 07, 2015: Originally Published
+</ul>
diff --git a/src/security/bulletin/index.jd b/src/security/bulletin/index.jd
index de31a16..d7befcc 100644
--- a/src/security/bulletin/index.jd
+++ b/src/security/bulletin/index.jd
@@ -16,13 +16,6 @@
See the License for the specific language governing permissions and
limitations under the License.
-->
-<div id="qv-wrapper">
- <div id="qv">
- <h2>In this document</h2>
- <ol id="auto-toc">
- </ol>
- </div>
-</div>
<p>Security has always been a major focus for Android and Google Play: Android was
built from day one with security in mind. Monthly device updates are an
important tool to make and keep Android users safe. This page contains the
@@ -40,6 +33,11 @@
<th>Android Security Patch Level</th>
</tr>
<tr>
+ <td><a href="2015-12-01.html">December 2015</a></td>
+ <td>December 7, 2015</td>
+ <td>December 1, 2015: [2015-12-01]</td>
+</tr>
+<tr>
<td><a href="2015-11-01.html">November 2015</a></td>
<td>November 2, 2015</td>
<td>November 1, 2015: [2015-11-01]</td>
diff --git a/src/security/security_toc.cs b/src/security/security_toc.cs
index f0ba2af..790b8e8 100644
--- a/src/security/security_toc.cs
+++ b/src/security/security_toc.cs
@@ -48,8 +48,9 @@
<a href="<?cs var:toroot ?>security/bulletin/index.html">
<span class="en">Bulletins</span>
</a>
- </div>
+ </div>
<ul>
+ <li><a href="<?cs var:toroot ?>security/bulletin/2015-12-01.html">December 2015</a></li>
<li><a href="<?cs var:toroot ?>security/bulletin/2015-11-01.html">November 2015</a></li>
<li><a href="<?cs var:toroot ?>security/bulletin/2015-10-01.html">October 2015</a></li>
<li><a href="<?cs var:toroot ?>security/bulletin/2015-09-01.html">September 2015</a></li>
@@ -97,7 +98,7 @@
<li><a href="<?cs var:toroot ?>security/selinux/customize.html">Customization</a></li>
<li><a href="<?cs var:toroot ?>security/selinux/validate.html">Validation</a></li>
</ul>
- </li>
+ </li>
<li class="nav-section">
<div class="nav-section-header">
<a href="<?cs var:toroot ?>security/verifiedboot/index.html">