Merge "Docs: Add security update note and link"
diff --git a/src/index.jd b/src/index.jd
index 4ede719..402661e 100644
--- a/src/index.jd
+++ b/src/index.jd
@@ -43,6 +43,13 @@
<div class="landing-docs">
<div class="col-8">
<h3>What's New</h3>
+<a href="{@docRoot}compatibility/cts/rotation-vector.html">
+ <h4>Rotation Vector CV Crosscheck</h4></a>
+ <p>Instructions now exist for the CTS Verifier <strong><a
+ href="{@docRoot}compatibility/cts/rotation-vector.html">Rotation Vector
+ CV Crosscheck</a></strong> used to properly test the compatibility of rotation
+ vector sensor implementations.</p>
+
<a href="{@docRoot}security/bulletin/index.html">
<h4>Security Bulletins</h4></a>
<p>The Android security team now publishes monthly <strong><a
@@ -83,14 +90,6 @@
href="{@docRoot}compatibility/cts/setup.html#user_builds">Setting up
CTS</a></strong> more clearly defines compatible devices for the purposes of
testing.</p>
-
-<a href="{@docRoot}devices/tech/config/kernel_network_tests.html">
- <h4>Kernel Networking Unit Tests</h4></a>
- <p><strong><a
- href="{@docRoot}devices/tech/config/kernel_network_tests.html">Kernel
- Networking Unit Tests</a></strong> describe a suite of tests provided by
- Android engineering to help ensure the device kernel will properly
- support the Android networking stack.</p>
</div>
<div class="col-8">
diff --git a/src/security/bulletin/2015-12-01.jd b/src/security/bulletin/2015-12-01.jd
index 78391c9..067d288 100644
--- a/src/security/bulletin/2015-12-01.jd
+++ b/src/security/bulletin/2015-12-01.jd
@@ -24,7 +24,7 @@
</div>
</div>
-<p><em>Published December 07, 2015 | Updated December 09, 2015</em></p>
+<p><em>Published December 07, 2015 | Updated December 22, 2015</em></p>
<p>We have released a security update to Nexus devices through an over-the-air
(OTA) update as part of our Android Security Bulletin Monthly Release process.
@@ -142,10 +142,6 @@
</table>
-<p>The <a href="{@docRoot}security/overview/updates-resources.html#severity">severity assessment</a> is based on the effect that exploiting the vulnerability would have on an
-affected device, assuming the platform and service mitigations are disabled for
-development purposes or if successfully bypassed.</p>
-
<h2 id="mitigations">Mitigations</h2>
@@ -186,13 +182,15 @@
<li> Peter Pi of Trend Micro: CVE-2015-6616, CVE-2015-6628
<li> Qidan He (<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>) and Marco Grassi (<a href="https://twitter.com/marcograss">@marcograss</a>) of <a href="http://k33nteam.org/">KeenTeam</a> (<a href="https://twitter.com/k33nteam">@K33nTeam</a>): CVE-2015-6622
<li> Tzu-Yin (Nina) Tai: CVE-2015-6627
+ <li> Joaquín Rinaudo (<a href="https://twitter.com/xeroxnir">@xeroxnir</a>) of Programa
+ STIC at Fundación Dr. Manuel Sadosky, Buenos Aires, Argentina: CVE-2015-6631
</ul>
<h2 id="security_vulnerability_details">Security Vulnerability Details</h2>
<p>In the sections below, we provide details for each of the security
vulnerabilities listed in the <a href="#security_vulnerability_summary">Security Vulnerability Summary</a> above. There is a description of the issue, a severity rationale, and a table
-with the CVE, associated bug, severity, affected versions, and date reported.
+with the CVE, associated bug, severity, updated versions, and date reported.
When available, we will link the AOSP change that addressed the issue to the
bug ID. When multiple changes relate to a single bug, additional AOSP
references are linked to numbers following the bug ID.</p>
@@ -217,7 +215,7 @@
<th>CVE</th>
<th>Bug(s) with AOSP links</th>
<th>Severity</th>
- <th>Affected versions</th>
+ <th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
@@ -266,7 +264,7 @@
<th>CVE</th>
<th>Bug(s) with AOSP links</th>
<th>Severity</th>
- <th>Affected versions</th>
+ <th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
@@ -290,7 +288,7 @@
<th>CVE</th>
<th>Bug(s) with AOSP links</th>
<th>Severity</th>
- <th>Affected versions</th>
+ <th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
@@ -316,7 +314,7 @@
<th>CVE</th>
<th>Bug(s) with AOSP links</th>
<th>Severity</th>
- <th>Affected versions</th>
+ <th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
@@ -355,7 +353,7 @@
<th>CVE</th>
<th>Bug(s) </th>
<th>Severity</th>
- <th>Affected versions</th>
+ <th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
@@ -382,7 +380,7 @@
<th>CVE</th>
<th>Bug(s) with AOSP links</th>
<th>Severity</th>
- <th>Affected versions</th>
+ <th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
@@ -413,7 +411,7 @@
<th>CVE</th>
<th>Bug(s) with AOSP links</th>
<th>Severity</th>
- <th>Affected versions</th>
+ <th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
@@ -436,7 +434,7 @@
<th>CVE</th>
<th>Bug(s) with AOSP links</th>
<th>Severity</th>
- <th>Affected versions</th>
+ <th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
@@ -459,7 +457,7 @@
<th>CVE</th>
<th>Bug(s) with AOSP links</th>
<th>Severity</th>
- <th>Affected versions</th>
+ <th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
@@ -484,7 +482,7 @@
<th>CVE</th>
<th>Bug(s) with AOSP links</th>
<th>Severity</th>
- <th>Affected versions</th>
+ <th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
@@ -510,7 +508,7 @@
<th>CVE</th>
<th>Bug(s) with AOSP links</th>
<th>Severity</th>
- <th>Affected versions</th>
+ <th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
@@ -548,7 +546,7 @@
<th>CVE</th>
<th>Bug(s) with AOSP links</th>
<th>Severity</th>
- <th>Affected versions</th>
+ <th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
@@ -572,7 +570,7 @@
<th>CVE</th>
<th>Bug(s) with AOSP links</th>
<th>Severity</th>
- <th>Affected versions</th>
+ <th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
@@ -595,7 +593,7 @@
<th>CVE</th>
<th>Bug(s) with AOSP links</th>
<th>Severity</th>
- <th>Affected versions</th>
+ <th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
@@ -619,7 +617,7 @@
<th>CVE</th>
<th>Bug(s) with AOSP links</th>
<th>Severity</th>
- <th>Affected versions</th>
+ <th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
@@ -641,7 +639,7 @@
<th>CVE</th>
<th>Bug(s) with AOSP links</th>
<th>Severity</th>
- <th>Affected versions</th>
+ <th>Updated versions</th>
<th>Date reported</th>
</tr>
<tr>
@@ -669,4 +667,5 @@
<ul>
<li> December 07, 2015: Originally Published
<li> December 09, 2015: Bulletin revised to include AOSP links.
+ <li> December 22, 2015: Added missing credit to Acknowledgements section.
</ul>
diff --git a/src/security/bulletin/2016-01-01.jd b/src/security/bulletin/2016-01-01.jd
new file mode 100644
index 0000000..a3c9e31
--- /dev/null
+++ b/src/security/bulletin/2016-01-01.jd
@@ -0,0 +1,521 @@
+page.title=Nexus Security Bulletin - January 2016
+@jd:body
+
+<!--
+ Copyright 2015 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<div id="qv-wrapper">
+ <div id="qv">
+ <h2>In this document</h2>
+ <ol id="auto-toc">
+ </ol>
+ </div>
+</div>
+
+<p><em>Published January 04, 2016</em></p>
+
+<p>We have released a security update to Nexus devices through an over-the-air
+(OTA) update as part of our Android Security Bulletin Monthly Release process.
+The Nexus firmware images have also been released to the <a href="https://developers.google.com/android/nexus/images">Google Developer site</a>. Builds LMY49F or later and Android 6.0 with Security Patch Level of January
+1, 2016 or later address these issues. Refer to the <a href="#common_questions_and_answers">Common Questions and Answers</a> section for more details.</p>
+
+<p>Partners were notified about and provided updates for the issues described in
+this bulletin on December 7, 2015 or earlier. Source code patches for these
+issues will be released to the Android Open Source Project (AOSP) repository
+over the next 48 hours. We will revise this bulletin with the AOSP links when
+they are available.</p>
+
+<p>The most severe of these issues is a Critical security vulnerability that could
+enable remote code execution on an affected device through multiple methods
+such as email, web browsing, and MMS when processing media files.</p>
+
+<p>We have had no reports of active customer exploitation of these newly reported
+issues. Refer to the <a href="#mitigations">Mitigations</a> section for details on the <a href="https://source.android.com/security/enhancements/">Android security platform protections</a> and service protections such as SafetyNet, which improve the security of the
+Android platform. We encourage all customers to accept these updates to their
+devices.</p>
+
+<h2 id=security_vulnerability_summary>Security Vulnerability Summary</h2>
+
+
+<p>The table below contains a list of security vulnerabilities, the Common
+Vulnerability and Exposures ID (CVE), and their assessed severity. The <a href="https://source.android.com/security/overview/updates-resources.html#severity">severity assessment</a> is based on the effect that exploiting the vulnerability would have on an
+affected device, assuming the platform and service mitigations are disabled for
+development purposes or if successfully bypassed.</p>
+<table>
+ <tr>
+ <th>Issue</th>
+ <th>CVE</th>
+ <th>Severity</th>
+ </tr>
+ <tr>
+ <td>Remote Code Execution Vulnerability in Mediaserver</td>
+ <td>CVE-2015-6636</td>
+ <td>Critical</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in misc-sd driver</td>
+ <td>CVE-2015-6637</td>
+ <td>Critical</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in the Imagination Technologies driver</td>
+ <td>CVE-2015-6638</td>
+ <td>Critical</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerabilities in Trustzone</td>
+ <td>CVE-2015-6639</td>
+ <td>Critical</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Kernel</td>
+ <td>CVE-2015-6640</td>
+ <td>Critical</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Bluetooth</td>
+ <td>CVE-2015-6641</td>
+ <td>High</td>
+ </tr>
+ <tr>
+ <td>Information Disclosure Vulnerability in Kernel</td>
+ <td>CVE-2015-6642</td>
+ <td>High</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Setup Wizard</td>
+ <td>CVE-2015-6643</td>
+ <td>Moderate</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Wi-Fi</td>
+ <td>CVE-2015-5310</td>
+ <td>Moderate</td>
+ </tr>
+ <tr>
+ <td>Information Disclosure Vulnerability in Bouncy Castle</td>
+ <td>CVE-2015-6644</td>
+ <td>Moderate</td>
+ </tr>
+ <tr>
+ <td>Denial of Service Vulnerability in SyncManager</td>
+ <td>CVE-2015-6645</td>
+ <td>Moderate</td>
+ </tr>
+ <tr>
+ <td>Attack Surface Reduction for Nexus Kernels</td>
+ <td>CVE-2015-6646</td>
+ <td>Moderate</td>
+ </tr>
+</table>
+
+
+<h2 id=mitigations>Mitigations</h2>
+
+
+<p>This is a summary of the mitigations provided by the <a href="https://source.android.com/security/enhancements/index.html">Android security platform</a> and service protections such as SafetyNet. These capabilities reduce the
+likelihood that security vulnerabilities could be successfully exploited on
+Android.</p>
+
+<ul>
+ <li> Exploitation for many issues on Android is made more difficult by enhancements
+in newer versions of the Android platform. We encourage all users to update to
+the latest version of Android where possible.
+ <li> The Android Security team is actively monitoring for abuse with Verify Apps and
+SafetyNet which will warn about potentially harmful applications about to be
+installed. Device rooting tools are prohibited within Google Play. To protect
+users who install applications from outside of Google Play, Verify Apps is
+enabled by default and will warn users about known rooting applications. Verify
+Apps attempts to identify and block installation of known malicious
+applications that exploit a privilege escalation vulnerability. If such an
+application has already been installed, Verify Apps will notify the user and
+attempt to remove any such applications.
+ <li> As appropriate, Google Hangouts and Messenger applications do not automatically
+pass media to processes such as mediaserver.
+</ul>
+
+<h2 id=acknowledgements>Acknowledgements</h2>
+
+
+<p>We would like to thank these researchers for their contributions:</p>
+
+<ul>
+ <li> Abhishek Arya, Oliver Chang, and Martin Barbella of Google Chrome Security
+Team: CVE-2015-6636, CVE-2015-6617
+ <li> Sen Nie (<a href="https://twitter.com/@nforest_">@nforest_</a>) and jfang of KEEN lab, Tencent (<a href="https://twitter.com/k33nteam">@K33nTeam</a>): CVE-2015-6637
+ <li> Yabin Cui from Android Bionic Team: CVE-2015-6640
+ <li> Tom Craig of Google X: CVE-2015-6641
+ <li> Jann Horn (<a href="https://thejh.net">https://thejh.net</a>): CVE-2015-6642
+ <li> Jouni Malinen PGP id EFC895FA: CVE-2015-5310
+ <li> Quan Nguyen of Google Information Security Engineer Team: CVE-2015-6644
+</ul>
+
+<h2 id=security_vulnerability_details>Security Vulnerability Details</h2>
+
+<p>In the sections below, we provide details for each of the security
+vulnerabilities listed in the <a href="#security_vulnerability_summary">Security Vulnerability Summary</a> above. There is a description of the issue, a severity rationale, and a table
+with the CVE, associated bug, severity, updated versions, and date reported.
+When available, we will link the AOSP change that addressed the issue to the
+bug ID. When multiple changes relate to a single bug, additional AOSP
+references are linked to numbers following the bug ID. </p>
+
+<h3 id=remote_code_execution_vulnerability_in_mediaserver>Remote Code Execution Vulnerability in Mediaserver</h3>
+
+
+<p>During media file and data processing of a specially crafted file,
+vulnerabilities in mediaserver could allow an attacker to cause memory
+corruption and remote code execution as the mediaserver process.</p>
+
+<p>The affected functionality is provided as a core part of the operating system
+and there are multiple applications that allow it to be reached with remote
+content, most notably MMS and browser playback of media.</p>
+
+<p>This issue is rated as a Critical severity due to the possibility of remote
+code execution within the context of the mediaserver service. The mediaserver
+service has access to audio and video streams as well as access to privileges
+that third-party apps cannot normally access.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Updated versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td rowspan="2">CVE-2015-6636</td>
+ <td>ANDROID-25070493</td>
+ <td>Critical</td>
+ <td>5.0, 5.1.1, 6.0, 6.0.1</td>
+ <td>Google Internal</td>
+ </tr>
+ <tr>
+ <td>ANDROID-24686670</td>
+ <td>Critical</td>
+ <td>5.0, 5.1.1, 6.0, 6.0.1</td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_misc-sd_driver>Elevation of Privilege Vulnerability in misc-sd driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the misc-sd driver from MediaTek
+could enable a local malicious application to execute arbitrary code within the
+kernel. This issue is rated as a Critical severity due to the possibility of a
+local permanent device compromise, in which case the device would possibly need
+to be repaired by re-flashing the operating system.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Updated versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6637</td>
+ <td>ANDROID-25307013</td>
+ <td>Critical</td>
+ <td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td>
+ <td>Oct 26, 2015</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_the_imagination_technologies_driver>Elevation of Privilege Vulnerability in the Imagination Technologies driver</h3>
+
+
+<p>An elevation of privilege vulnerability in a kernel driver from Imagination
+Technologies could enable a local malicious application to execute arbitrary
+code within the kernel. This issue is rated as a Critical severity due to the
+possibility of a local permanent device compromise, in which case device would
+possibly need to be repaired by re-flashing the operating system.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Updated versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6638</td>
+ <td>ANDROID-24673908</td>
+ <td>Critical</td>
+ <td>5.0, 5.5.1, 6.0, 6.0.1</td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerabilities_in_trustzone>Elevation of Privilege Vulnerabilities in Trustzone</h3>
+
+
+<p>Elevation of privilege vulnerabilities in the Widevine QSEE TrustZone
+application could enable a compromise, privileged application with access to
+QSEECOM to execute arbitrary code in the Trustzone context. This issue is rated
+as a Critical severity due to the possibility of a local permanent device
+compromise, in which case the device would possibly need to be repaired by
+re-flashing the operating system.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Updated versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6639</td>
+ <td>ANDROID-24446875</td>
+ <td>Critical</td>
+ <td>5.0, 5.1.1, 6.0, 6.0.1</td>
+ <td>Sep 23, 2015</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-6647</td>
+ <td>ANDROID-24441554</td>
+ <td>Critical</td>
+ <td>5.0, 5.1.1, 6.0, 6.0.1</td>
+ <td>Sep 27, 2015</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_kernel>Elevation of Privilege Vulnerability in Kernel</h3>
+
+
+<p>An elevation of privilege vulnerability in the kernel could enable a local
+malicious application to execute arbitrary code in the kernel. This issue is
+rated as a Critical severity due to the possibility of a local permanent device
+compromise, in which case the device would possibly need to be repaired by
+re-flashing the operating system.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) with AOSP Link</th>
+ <th>Severity</th>
+ <th>Updated versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6640</td>
+ <td><a href="https://android.googlesource.com/kernel%2Fcommon/+/69bfe2d957d903521d32324190c2754cb073be15">ANDROID-20017123</a></td>
+ <td>Critical</td>
+ <td>4.4.4, 5.0, 5.1.1, 6.0</td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_bluetooth>Elevation of Privilege Vulnerability in Bluetooth</h3>
+
+
+<p>An elevation of privilege vulnerability in the Bluetooth component could enable
+a remote device paired over Bluetooth to gain access to user’s private
+information (Contacts). This issue is rated as High severity because it could
+be used to gain “<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">dangerous</a>” capabilities remotely, these permissions are accessible only to third-party
+applications installed locally.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s)</th>
+ <th>Severity</th>
+ <th>Updated versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6641</td>
+ <td>ANDROID-23607427</td>
+ <td>High</td>
+ <td>6.0, 6.0.1</td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+
+<h3 id=information_disclosure_vulnerability_in_kernel>Information Disclosure Vulnerability in Kernel</h3>
+
+
+<p>An information disclosure vulnerability in the kernel could permit a bypass of
+security measures in place to increase the difficulty of attackers exploiting
+the platform. These issues are rated as High severity because they could also
+be used to gain elevated capabilities, such as <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> permissions privileges, which are not accessible to third-party applications.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Updated versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6642</td>
+ <td>ANDROID-24157888</td>
+ <td>High</td>
+ <td>4.4.4, 5.0, 5.1.1, 6.0</td>
+ <td>Sep 12, 2015</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_setup_wizard>Elevation of Privilege Vulnerability in Setup Wizard</h3>
+
+
+<p>An elevation of privilege vulnerability in the Setup Wizard could enable an
+attacker with physical access to the device to gain access to device settings
+and perform a manual device reset. This issue is rated as Moderate severity
+because it could be used to improperly work around the factory reset
+protection.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Updated versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6643</td>
+ <td>ANDROID-25290269</td>
+ <td>Moderate</td>
+ <td>5.1.1, 6.0, 6.0.1</td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_wi-fi>Elevation of Privilege Vulnerability in Wi-Fi</h3>
+
+
+<p>An elevation of privilege vulnerability in the Wi-Fi component could enable a
+locally proximate attacker to gain access to Wi-Fi service related information.
+A device is only vulnerable to this issue while in local proximity. This issue
+is rated as Moderate severity because it could be used to gain “<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">normal</a>” capabilities remotely, these permissions are accessible only to third-party
+applications installed locally.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s)</th>
+ <th>Severity</th>
+ <th>Updated versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-5310</td>
+ <td>ANDROID-25266660</td>
+ <td>Moderate</td>
+ <td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td>
+ <td>Oct 25, 2015</td>
+ </tr>
+</table>
+
+
+<h3 id=information_disclosure_vulnerability_in_bouncy_castle>Information Disclosure Vulnerability in Bouncy Castle</h3>
+
+
+<p>An information disclosure vulnerability in Bouncy Castle could enable a local
+malicious application to gain access to user’s private information. This issue
+is rated as Moderate severity because it could be used to improperly gain “<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">dangerous</a>” permissions.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Updated versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6644</td>
+ <td>ANDROID-24106146</td>
+ <td>Moderate</td>
+ <td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+
+<h3 id=denial_of_service_vulnerability_in_syncmanager>Denial of Service Vulnerability in SyncManager</h3>
+
+
+<p>A denial of service vulnerability in the SyncManager could enable a local
+malicious application to cause a reboot loop. This issue is rated as Moderate
+severity because it could be used to cause a local temporary denial of service
+that would possibly need to be fixed though a factory reset.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Updated versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6645</td>
+ <td>ANDROID-23591205</td>
+ <td>Moderate</td>
+ <td>4.4.4, 5.0, 5.1.1, 6.0</td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+
+<h3 id=attack_surface_reduction_for_nexus_kernels>Attack Surface Reduction for Nexus Kernels</h3>
+
+
+<p>SysV IPC is not supported in any Android Kernel. We have removed this from the
+OS as it exposes additional attack surface that doesn’t add functionality to
+the system that could be exploited by malicious applications. Also, System V
+IPCs are not compliant with Android's application lifecycle because the
+allocated resources are not freeable by the memory manager leading to global
+kernel resource leakage. This change addresses issue such as CVE-2015-7613.</p>
+<table>
+ <tr>
+ <th>CVE</th>
+ <th>Bug(s) </th>
+ <th>Severity</th>
+ <th>Updated versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-6646</td>
+ <td>ANDROID-22300191</td>
+ <td>Moderate</td>
+ <td>6.0</td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+
+<h3 id=common_questions_and_answers>Common Questions and Answers</h3>
+
+
+<p>This section reviews answers to common questions that may occur after reading
+this bulletin.</p>
+
+<p><strong>1. How do I determine if my device is updated to address these issues? </strong></p>
+
+<p>Builds LMY49F or later and Android 6.0 with Security Patch Level of January 1,
+2016 or later address these issues. Refer to the <a href="https://support.google.com/nexus/answer/4457705">Nexus documentation</a> for instructions on how to check the security patch level. Device
+manufacturers that include these updates should set the patch string level to:
+[ro.build.version.security_patch]:[2016-01-01] </p>
+
+<h2 id=revisions>Revisions</h2>
+
+
+<ul>
+ <li> January 04, 2016: Bulletin published.
diff --git a/src/security/bulletin/index.jd b/src/security/bulletin/index.jd
index d7befcc..85b7a2a 100644
--- a/src/security/bulletin/index.jd
+++ b/src/security/bulletin/index.jd
@@ -33,6 +33,11 @@
<th>Android Security Patch Level</th>
</tr>
<tr>
+ <td><a href="2016-01-01.html">January 2016</a></td>
+ <td>January 4, 2016</td>
+ <td>January 1, 2016: [2016-01-01]</td>
+ </tr>
+ <tr>
<td><a href="2015-12-01.html">December 2015</a></td>
<td>December 7, 2015</td>
<td>December 1, 2015: [2015-12-01]</td>
diff --git a/src/security/security_toc.cs b/src/security/security_toc.cs
index 790b8e8..cf74b3d 100644
--- a/src/security/security_toc.cs
+++ b/src/security/security_toc.cs
@@ -50,6 +50,7 @@
</a>
</div>
<ul>
+ <li><a href="<?cs var:toroot ?>security/bulletin/2016-01-01.html">January 2016</a></li>
<li><a href="<?cs var:toroot ?>security/bulletin/2015-12-01.html">December 2015</a></li>
<li><a href="<?cs var:toroot ?>security/bulletin/2015-11-01.html">November 2015</a></li>
<li><a href="<?cs var:toroot ?>security/bulletin/2015-10-01.html">October 2015</a></li>