Docs: June 2016 Security bulletin
Bug: 28626207
Change-Id: Iea640d31fced446b36dc6d4ebe12e1e669003b03
diff --git a/src/security/bulletin/2016-06-01.jd b/src/security/bulletin/2016-06-01.jd
new file mode 100644
index 0000000..0406f40
--- /dev/null
+++ b/src/security/bulletin/2016-06-01.jd
@@ -0,0 +1,1181 @@
+page.title=Android Security Bulletin—June 2016
+@jd:body
+
+<!--
+ Copyright 2016 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<p><em>Published June 06, 2016</em></p>
+
+<p>The Android Security Bulletin contains details of security vulnerabilities
+affecting Android devices. Alongside the bulletin, we have released a security
+update to Nexus devices through an over-the-air (OTA) update. The Nexus
+firmware images have also been released to the
+<a href="https://developers.google.com/android/nexus/images">Google Developer site</a>.
+Security Patch Levels of June 01, 2016 or later address these issues. Refer
+to the <a href="https://support.google.com/nexus/answer/4457705#nexus_devices">
+Nexus documentation</a> to learn how to check the security patch level.</p>
+
+<p>Partners were notified about the issues described in the bulletin on May 02,
+2016 or earlier. Source code patches for these issues will be released to the
+Android Open Source Project (AOSP) repository in the next 48 hours. We will
+revise this bulletin with the AOSP links when they are available.</p>
+
+<p>The most severe issue is a Critical security vulnerability that could enable
+remote code execution on an affected device through multiple methods such as
+email, web browsing, and MMS when processing media files.</p>
+
+<p>We have had no reports of active customer exploitation or abuse of these newly
+reported issues. Refer to the <a href="#mitigations">
+Android and Google Service Mitigations</a> section for details on the
+<a href="{@docRoot}security/enhancements/index.html">
+Android security platform protections</a> and service protections such as
+SafetyNet, which improve the security of the Android platform.</p>
+
+<p>We encourage all customers to accept these updates to their devices.</p>
+
+<h2 id=security_vulnerability_summary>Security Vulnerability Summary</h2>
+
+
+<p>The table below contains a list of security vulnerabilities, the Common
+Vulnerability and Exposures ID (CVE), their assessed severity and whether or
+not Nexus devices are affected. The
+<a href="{@docRoot}security/overview/updates-resources.html#severity">
+severity assessment</a> is based on the effect that exploiting the
+vulnerability would possibly have on an affected device, assuming the
+platform and service mitigations are disabled for development purposes
+or successfully bypassed.</p>
+<table>
+ <col width="55%">
+ <col width="20%">
+ <col width="13%">
+ <col width="12%">
+ <tr>
+ <th>Issue</th>
+ <th>CVE</th>
+ <th>Severity</th>
+ <th>Affects Nexus?</th>
+ </tr>
+ <tr>
+ <td>Remote Code Execution Vulnerability in Mediaserver</td>
+ <td>CVE-2016-2463</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Remote Code Execution Vulnerabilities in libwebm</td>
+ <td>CVE-2016-2464</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Qualcomm Video Driver</td>
+ <td>CVE-2016-2465</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Qualcomm Sound Driver</td>
+ <td>CVE-2016-2466<br />
+ CVE-2016-2467</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Qualcomm GPU Driver</td>
+ <td>CVE-2016-2468<br />
+ CVE-2016-2062</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver</td>
+ <td>CVE-2016-2474</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver</td>
+ <td>CVE-2016-2475</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Qualcomm Sound Driver</td>
+ <td>CVE-2016-2066<br />
+ CVE-2016-2469</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Mediaserver</td>
+ <td>CVE-2016-2476<br />
+ CVE-2016-2477<br />
+ CVE-2016-2478<br />
+ CVE-2016-2479<br />
+ CVE-2016-2480<br />
+ CVE-2016-2481<br />
+ CVE-2016-2482<br />
+ CVE-2016-2483<br />
+ CVE-2016-2484<br />
+ CVE-2016-2485<br />
+ CVE-2016-2486<br />
+ CVE-2016-2487</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Qualcomm Camera Driver</td>
+ <td>CVE-2016-2061<br />
+ CVE-2016-2488</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Qualcomm Video Driver</td>
+ <td>CVE-2016-2489</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in NVIDIA Camera Driver</td>
+ <td>CVE-2016-2490<br />
+ CVE-2016-2491</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver</td>
+ <td>CVE-2016-2470<br />
+ CVE-2016-2471<br />
+ CVE-2016-2472<br />
+ CVE-2016-2473</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in MediaTek Power Management Driver</td>
+ <td>CVE-2016-2492</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in SD Card Emulation Layer</td>
+ <td>CVE-2016-2494</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver</td>
+ <td>CVE-2016-2493</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Remote Denial of Service Vulnerability in Mediaserver</td>
+ <td>CVE-2016-2495</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Framework UI</td>
+ <td>CVE-2016-2496</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information Disclosure Vulnerability in Qualcomm Wi-Fi Driver</td>
+ <td>CVE-2016-2498</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information Disclosure Vulnerability in Mediaserver</td>
+ <td>CVE-2016-2499</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information Disclosure Vulnerability in Activity Manager</td>
+ <td>CVE-2016-2500</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+</table>
+
+
+<h2 id=mitigations>Android and Google Service Mitigations</h2>
+
+
+<p>This is a summary of the mitigations provided by the
+<a href="{@docRoot}security/enhancements/index.html">
+Android security platform</a> and service protections, such as SafetyNet.
+These capabilities reduce the likelihood that security vulnerabilities could
+be successfully exploited on Android.</p>
+
+<ul>
+ <li> Exploitation for many issues on Android is made more difficult by enhancements
+ in newer versions of the Android platform. We encourage all users to update to
+ the latest version of Android where possible.
+ <li> The Android Security team actively monitors for abuse with
+ <a href="{@docRoot}security/reports/Google_Android_Security_2015_Report_Final.pdf">
+ Verify Apps and SafetyNet</a>, which are designed to warn users about
+ <a href="{@docRoot}security/reports/Google_Android_Security_PHA_classifications.pdf">
+ Potentially Harmful Applications</a>. Verify Apps is enabled by default
+ on devices with <a href="http://www.android.com/gms">Google Mobile Services</a>,
+ and is especially important for users who install applications from outside
+ of Google Play. Device rooting tools are prohibited within Google Play, but
+ Verify Apps warns users when they attempt to install a detected rooting
+ application—no matter where it comes from. Additionally, Verify Apps attempts
+ to identify and block installation of known malicious applications that exploit
+ a privilege escalation vulnerability. If such an application has already been
+ installed, Verify Apps will notify the user and attempt to remove the detected
+ application.
+ <li> As appropriate, Google Hangouts and Messenger applications do not automatically
+ pass media to processes such as Mediaserver.
+</ul>
+
+<h2 id=acknowledgements>Acknowledgements</h2>
+
+
+<p>We would like to thank these researchers for their contributions:</p>
+
+<ul>
+ <li> Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>) of KeenLab
+ (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: CVE-2016-2468
+ <li> <a href="http://bits-please.blogspot.com">Gal Beniamini</a>
+ (<a href="https://twitter.com/laginimaineb">@laginimaineb</a>): CVE-2016-2476
+ <li> Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>), pjf
+ (<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>) of IceSword Lab, Qihoo 360
+ Technology Co. Ltd.: CVE-2016-2492
+ <li> Hao Chen, Guang Gong, and Wenlin Yang of Mobile Safe Team, Qihoo 360 Technology
+ Co. Ltd.: CVE-2016-2470, CVE-2016-2471, CVE-2016-2472, CVE-2016-2473,
+ CVE-2016-2498
+ <li> <a href="http://www.iwobanas.com">Iwo Banas</a>: CVE-2016-2496
+ <li> Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>)
+ and pjf (<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>) of IceSword Lab,
+ Qihoo 360 Technology Co. Ltd.: CVE-2016-2490, CVE-2016-2491
+ <li> Lee Campbell of Google: CVE-2016-2500
+ <li> Maciej Szawłowski of the Google Security Team: CVE-2016-2474
+ <li> Marco Nelissen and Max Spector of Google: CVE-2016-2487
+ <li> Mark Brand of Google Project Zero: CVE-2016-2494
+ <li> Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>),
+ Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian
+ Jiang of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-2477, CVE-2016-2478,
+ CVE-2016-2479, CVE-2016-2480, CVE-2016-2481, CVE-2016-2482, CVE-2016-2483, CVE-2016-2484,
+ CVE-2016-2485, CVE-2016-2486
+ <li> <a href="mailto:sbauer@plzdonthack.me">Scott Bauer</a> (<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>):
+ CVE-2016-2066, CVE-2016-2061, CVE-2016-2465, CVE-2016-2469, CVE-2016-2489
+ <li> Vasily Vasilev: CVE-2016-2463
+ <li> Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of Alibaba Inc.: CVE-2016-2495
+ <li> Xiling Gong of Tencent Security Platform Department: CVE-2016-2499
+ <li> Zach Riggle (<a href="https://twitter.com/ebeip90">@ebeip90</a>) of the Android Security Team: CVE-2016-2493
+</ul>
+
+<h2 id=security_vulnerability_details>Security Vulnerability Details</h2>
+
+
+<p>In the sections below, we provide details for each of the security
+vulnerabilities listed in the <a href="#security_vulnerability_summary">
+Security Vulnerability Summary</a> above. There is a description of the issue,
+a severity rationale, and a table with the CVE, associated Android bug, severity,
+updated Nexus devices, updated AOSP versions (where applicable), and date reported.
+When available, we will link the AOSP change that addressed the issue to the bug ID.
+When multiple changes relate to a single bug, additional AOSP references are linked to
+numbers following the bug ID.</p>
+
+<h3 id=remote_code_execution_vulnerability_in_mediaserver>
+Remote Code Execution Vulnerability in Mediaserver</h3>
+
+
+<p>A remote code execution vulnerability in Mediaserver could enable an attacker
+using a specially crafted file to cause memory corruption during media file and
+data processing. This issue is rated as Critical due to the possibility of
+remote code execution within the context of the Mediaserver process. The
+Mediaserver process has access to audio and video streams, as well as access to
+privileges that third-party apps could not normally access.</p>
+
+<p>The affected functionality is provided as a core part of the operating system,
+and there are multiple applications that allow it to be reached with remote
+content, most notably MMS and browser playback of media.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2463</td>
+ <td>27855419</td>
+ <td>Critical</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 25, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=remote_code_execution_vulnerabilities_in_libwebm>
+Remote Code Execution Vulnerabilities in libwebm</h3>
+
+
+<p>Remote code execution vulnerabilities with libwebm could enable an attacker
+using a specially crafted file to cause memory corruption during media file and
+data processing. This issue is rated as Critical due to the possibility of
+remote code execution within the context of the Mediaserver process. The
+Mediaserver process has access to audio and video streams, as well as access to
+privileges that third-party apps could not normally access.</p>
+
+<p>The affected functionality is provided as a core part of the operating system,
+and there are multiple applications that allow it to be reached with remote
+content, most notably MMS and browser playback of media.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2464</td>
+ <td>23167726</td>
+ <td>Critical</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_video_driver>
+Elevation of Privilege Vulnerability in Qualcomm Video Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the Qualcomm video driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as Critical due to the possibility
+of a local permanent device compromise, which may require reflashing the
+operating system to repair the device.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2465</td>
+ <td>27407865</td>
+ <td>Critical</td>
+ <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P</td>
+ <td>Feb 21, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_sound_driver>
+Elevation of Privilege Vulnerability in Qualcomm Sound Driver</h3>
+
+<p>An elevation of privilege vulnerability in the Qualcomm sound driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as Critical due to the possibility
+of a local permanent device compromise, which may require reflashing the
+operating system to repair the device.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2466</td>
+ <td>27947307</td>
+ <td>Critical</td>
+ <td>Nexus 6</td>
+ <td>Feb 27, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2467</td>
+ <td>28029010</td>
+ <td>Critical</td>
+ <td>Nexus 5</td>
+ <td>Mar 13, 2014</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_gpu_driver>
+Elevation of Privilege Vulnerability in Qualcomm GPU Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the Qualcomm GPU driver could enable
+a local malicious application to execute arbitrary code within the context of
+the kernel. This issue is rated as Critical due to the possibility of a local
+permanent device compromise, which may require reflashing the operating system
+to repair the device.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2468</td>
+ <td>27475454</td>
+ <td>Critical</td>
+ <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7</td>
+ <td>Mar 2, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2062</td>
+ <td>27364029</td>
+ <td>Critical</td>
+ <td>Nexus 5X, Nexus 6P</td>
+ <td>Mar 6, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver>
+Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as Critical due to the possibility
+of a local permanent device compromise, which may require reflashing the
+operating system to repair the device.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2474</td>
+ <td>27424603</td>
+ <td>Critical</td>
+ <td>Nexus 5X</td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_broadcom_wi-fi_driver>
+Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could
+enable a local malicious application to invoke system calls changing the device
+settings and behavior without the privileges to do so. This issue is rated as
+High because it could be used to gain local access to elevated capabilities.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2475</td>
+ <td>26425765</td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, Pixel C</td>
+ <td>Jan 6, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_sound_driver>
+Elevation of Privilege Vulnerability in Qualcomm Sound Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the Qualcomm sound driver could
+enable a malicious application to execute arbitrary code within the context of
+the kernel. This issue is rated as High because it first requires compromising
+a service that can call the driver.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2066</td>
+ <td>26876409</td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P</td>
+ <td>Jan 29, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2469</td>
+ <td>27531992</td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 6, Nexus 6P</td>
+ <td>Mar 4, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_mediaserver>
+Elevation of Privilege Vulnerability in Mediaserver</h3>
+
+
+<p>An elevation of privilege vulnerability in Mediaserver could enable a local
+malicious application to execute arbitrary code within the context of an
+elevated system application. This issue is rated as High because it could be
+used to gain local access to elevated capabilities, such as
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
+permissions privileges, which are not accessible to a third-party application.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2476</td>
+ <td>27207275</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Feb 11, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2477</td>
+ <td>27251096</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Feb 17, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2478</td>
+ <td>27475409</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 3, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2479</td>
+ <td>27532282</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 6, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2480</td>
+ <td>27532721</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 6, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2481</td>
+ <td>27532497</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 6, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2482</td>
+ <td>27661749</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 14, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2483</td>
+ <td>27662502</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 14, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2484</td>
+ <td>27793163</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 22, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2485</td>
+ <td>27793367</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 22, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2486</td>
+ <td>27793371</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 22, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2487</td>
+ <td>27833616</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_camera_driver>
+Elevation of Privilege Vulnerability in Qualcomm Camera Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the Qualcomm camera driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a service that can call the driver.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2061</td>
+ <td>27207747</td>
+ <td>High</td>
+ <td>Nexus 5X, Nexus 6P</td>
+ <td>Feb 15, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2488</td>
+ <td>27600832</td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013)</td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_video_driver_2>
+Elevation of Privilege Vulnerability in Qualcomm Video Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the Qualcomm video driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a service that can call the driver.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2489</td>
+ <td>27407629</td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P</td>
+ <td>Feb 21, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_nvidia_camera_driver>
+Elevation of Privilege Vulnerability in NVIDIA Camera Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the NVIDIA camera driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a service to call the driver.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2490</td>
+ <td>27533373</td>
+ <td>High</td>
+ <td>Nexus 9</td>
+ <td>Mar 6, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2491</td>
+ <td>27556408</td>
+ <td>High</td>
+ <td>Nexus 9</td>
+ <td>Mar 8, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver_2>
+Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could
+enable a malicious application to execute arbitrary code within the context of
+the kernel. This issue is rated as High because it first requires compromising
+a service that can call the driver.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2470</td>
+ <td>27662174</td>
+ <td>High</td>
+ <td>Nexus 7 (2013)</td>
+ <td>Mar 13, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2471</td>
+ <td>27773913</td>
+ <td>High</td>
+ <td>Nexus 7 (2013)</td>
+ <td>Mar 19, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2472</td>
+ <td>27776888</td>
+ <td>High</td>
+ <td>Nexus 7 (2013)</td>
+ <td>Mar 20, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2473</td>
+ <td>27777501</td>
+ <td>High</td>
+ <td>Nexus 7 (2013)</td>
+ <td>Mar 20, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_mediatek_power_management_driver>
+Elevation of Privilege Vulnerability in MediaTek Power Management Driver</h3>
+
+
+<p>An elevation of privilege in the MediaTek power management driver could enable
+a local malicious application to execute arbitrary code within the context of
+the kernel. This issue is rated as High because it first requires compromising
+the device and an elevation to root to call the driver.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2492</td>
+ <td>28085410</td>
+ <td>High</td>
+ <td>Android One</td>
+ <td>Apr 7, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_sd_card_emulation_layer>
+Elevation of Privilege Vulnerability in SD Card Emulation Layer</h3>
+
+
+<p>An elevation of privilege vulnerability in the SD Card userspace emulation
+layer could enable a local malicious application to execute arbitrary code
+within the context of an elevated system application. This issue is rated as
+High because it could be used to gain local access to elevated capabilities,
+such as <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a>
+or <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
+permissions privileges, which are not accessible to a third-party application.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2494</td>
+ <td>28085658</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Apr 7, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_broadcom_wi-fi_driver_2>
+Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a service to call the driver.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2493</td>
+ <td>26571522</td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus Player, Pixel C</td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+
+<h3 id=remote_denial_of_service_vulnerability_in_mediaserver>
+Remote Denial of Service Vulnerability in Mediaserver</h3>
+
+
+<p>A remote denial of service vulnerability in Mediaserver could enable an
+attacker to use a specially crafted file to cause a device hang or reboot. This
+issue is rated as High due to the possibility of remote denial of service.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2495</td>
+ <td>28076789</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Apr 6, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_framework_ui>
+Elevation of Privilege Vulnerability in Framework UI</h3>
+
+
+<p>An elevation of privilege vulnerability in the Framework UI permission dialog
+window could enable an attacker to gain access to unauthorized files in private
+storage. This issue is rated as Moderate because it could be used to improperly
+gain "<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">dangerous</a>" permissions.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2496</td>
+ <td>26677796</td>
+ <td>Moderate</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>6.0, 6.1</td>
+ <td>May 26, 2015</td>
+ </tr>
+</table>
+
+
+<h3 id=information_disclosure_vulnerability_in_qualcomm_wi-fi_driver>
+Information Disclosure Vulnerability in Qualcomm Wi-Fi Driver</h3>
+
+
+<p>An information disclosure in the Qualcomm Wi-Fi driver could enable a local
+malicious application to access data outside of its permission levels. This
+issue is rated as Moderate because it first requires compromising a service
+that can call the driver.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2498</td>
+ <td>27777162</td>
+ <td>Moderate</td>
+ <td>Nexus 7 (2013)</td>
+ <td>Mar 20, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=information_disclosure_vulnerability_in_mediaserver>
+Information Disclosure Vulnerability in Mediaserver</h3>
+
+
+<p>An information disclosure vulnerability in Mediaserver could allow an
+application to access sensitive information. This issue is rated as Moderate
+because it could be used to access data without permission.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2499</td>
+ <td>27855172</td>
+ <td>Moderate</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 24, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=information_disclosure_vulnerability_in_activity_manager>
+Information Disclosure Vulnerability in Activity Manager</h3>
+
+
+<p>An information disclosure vulnerability in the Activity Manager component could
+allow an application to access sensitive information. This issue is rated
+Moderate because it could be used to access data without permission.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2500</td>
+ <td>19285814</td>
+ <td>Moderate</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+
+<h2 id=common_questions_and_answers>Common Questions and Answers</h2>
+
+
+<p>This section answers common questions that may occur after reading this
+bulletin.</p>
+
+<p><strong>1. How do I determine if my device is updated to address these issues?</strong></p>
+
+<p>Security Patch Levels of June 01, 2016 or later address these issues (refer to
+the <a href="https://support.google.com/nexus/answer/4457705">Nexus documentation</a>
+for instructions on how to check the security patch level). Device
+manufacturers that include these updates should set the patch string level to:
+[ro.build.version.security_patch]:[2016-06-01]</p>
+
+<p id="nexus_devices"><strong>2. How do I determine which Nexus devices are affected by each issue?</strong></p>
+
+<p>In the <a href="#security_vulnerability_summary">Security Vulnerability Details</a> section,
+each table has an Updated Nexus devices column that covers the range
+of affected Nexus devices updated for each issue. This column has a few
+options:</p>
+
+<ul>
+ <li> <strong>All Nexus devices</strong>: If an issue affects all Nexus devices, the table
+ will have “All Nexus” in the <em>Updated Nexus devices</em> column. “All Nexus”
+ encapsulates the following <a href="https://support.google.com/nexus/answer/4457705#nexus_devices">
+ supported devices</a>: Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013),
+ Nexus 9, Android One, Nexus Player, and Pixel C.</li>
+ <li> <strong>Some Nexus devices</strong>: If an issue doesn’t affect all Nexus devices,
+ the affected Nexus devices are listed in the <em>Updated Nexus devices</em> column.</li>
+ <li> <strong>No Nexus devices</strong>: If no Nexus devices are affected by the issue,
+ the table will have “None” in the <em>Updated Nexus devices</em> column.</li>
+</ul>
+
+<h2 id=revisions>Revisions</h2>
+
+
+<ul>
+ <li> June 06, 2016: Bulletin published.</li>
+ </ul>
diff --git a/src/security/bulletin/index.jd b/src/security/bulletin/index.jd
index cb4b8c5..fe2e8fc 100644
--- a/src/security/bulletin/index.jd
+++ b/src/security/bulletin/index.jd
@@ -40,6 +40,13 @@
<th>Android Security Patch Level</th>
</tr>
<tr>
+ <td><a href="2016-06-01.html">June 2016</a></td>
+ <td>Coming soon
+ </td>
+ <td>June 6, 2016</td>
+ <td>June 1, 2016: [2016-06-01]</td>
+ </tr>
+ <tr>
<td><a href="2016-05-01.html">May 2016</a></td>
<td>
<a href="{@docRoot}intl/ja_ALL/security/bulletin/2016-05-01.html">日本語</a> /
diff --git a/src/security/overview/acknowledgements.jd b/src/security/overview/acknowledgements.jd
index f15d4b7..3e63519 100644
--- a/src/security/overview/acknowledgements.jd
+++ b/src/security/overview/acknowledgements.jd
@@ -56,14 +56,16 @@
<p>David Riley of the Google Pixel C Team</p>
-<p> Dzmitry Lukyanenka (<a href="http://www.linkedin.com/in/dzima">
- www.linkedin.com/in/dzima</a>)</p>
+<p>Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>) of KeenLab
+ (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent</p>
<p>Dominik Schürmann of <a href="https://www.ibr.cs.tu-bs.de">Institute for
Operating Systems and Computer Networks</a>, TU Braunschweig</p>
<p>Dongkwan Kim (<a href="mailto:dkay@kaist.ac.kr">dkay@kaist.ac.kr</a>) of System Security Lab, KAIST</p>
+<p>Dzmitry Lukyanenka (<a href="http://www.linkedin.com/in/dzima">www.linkedin.com/in/dzima</a>)</p>
+
<p>Gal Beniamini (<a href="https://twitter.com/@laginimaineb">@laginimaineb</a>, <a href="http://bits-please.blogspot.com/">http://bits-please.blogspot.com</a>)</p>
<p>Gengjia Chen (<a href="https://twitter.com/@chengjia4574">@chengjia4574</a>) from Lab 0x031E of Qihoo 360 Technology Co. Ltd</p>
@@ -78,6 +80,8 @@
<p>Imre Rad of <a href="http://www.search-lab.hu/">Search-Lab Ltd.</a></p>
+<p><a href="http://www.iwobanas.com">Iwo Banas</a></p>
+
<p>Jake Valletta of Mandiant, a FireEye company</p>
<p>James Forshaw of Google Project Zero</p>
@@ -94,13 +98,21 @@
<p>Kenny Root of Google</p>
+<p>Lee Campbell of Google</p>
+
+<p>Maciej Szawłowski of the Google Security Team</p>
+
<p>Marco Grassi (<a href="https://twitter.com/marcograss">@marcograss</a>) of KeenLab
(<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent</p>
+<p>Marco Nelissen of Google</p>
+
<p>Mark Brand of Google Project Zero</p>
<p>Martin Barbella of Google Chrome Security Team</p>
+<p>Max Spector of Google</p>
+
<p>Michał Bednarski (<a href="https://github.com/michalbednarski">https://github.com/michalbednarski</a>)</p>
<p>Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) of <a href="http://c0reteam.org">C0RE Team</a> from <a href="http://www.360safe.com/">Qihoo 360</a></p>
@@ -145,6 +157,8 @@
<p><a href="mailto:litongxin1991@gmail.com">Tongxin Li</a> of Peking University</p>
+<p>Vasily Vasilev</p>
+
<p>Vishwath Mohan of Android Security</p>
<p>Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of Alibaba Inc</p>
@@ -155,6 +169,8 @@
<p><a href="mailto:xw7@indiana.edu">Xiaofeng Wang</a> of Indiana University Bloomington</p>
+<p>Xiling Gong of Tencent Security Platform Department</p>
+
<p><a href="mailto:hanxinhui@pku.edu.cn">Xinhui Han</a> of Peking University</p>
<p>Xuxian Jiang of <a href="http://c0reteam.org">C0RE Team</a> from <a href="http://www.360safe.com/">Qihoo 360</a></p>
diff --git a/src/security/security_toc.cs b/src/security/security_toc.cs
index d512045..630c1a3 100644
--- a/src/security/security_toc.cs
+++ b/src/security/security_toc.cs
@@ -61,6 +61,7 @@
<li><a href="<?cs var:toroot ?>security/advisory/2016-03-18.html">2016-03-18</a></li>
</ul>
</li>
+ <li><a href="<?cs var:toroot ?>security/bulletin/2016-06-01.html">June 2016</a></li>
<li><a href="<?cs var:toroot ?>security/bulletin/2016-05-01.html">May 2016</a></li>
<li><a href="<?cs var:toroot ?>security/bulletin/2016-04-02.html">April 2016</a></li>
<li><a href="<?cs var:toroot ?>security/bulletin/2016-03-01.html">March 2016</a></li>
