Security advisories for Thursday

CentOS has updated firefox (C7; C6; C5: multiple vulnerabilities), thunderbird (C6; C5: three vulnerabilities), and xulrunner (C7: multiple vulnerabilities).

Debian has updated iceweasel (multiple vulnerabilities) and kernel (multiple vulnerabilities, including one from 2013).

Debian-LTS has updated unrtf (two code execution flaws).

Fedora has updated firefox (F21; F20: multiple vulnerabilities), kde-runtime (F21: kwallet crypto botch from 2013), and owasp-esapi-java (F21; F20: crypto botch from 2013).

Mageia has updated flash-player-plugin (multiple vulnerabilities) and python-pip (denial of service).

Mandriva has updated libsndfile (code execution), libvirt (denial of service), mpfr (code execution), and untrf (denial of service).

Oracle has updated firefox (OL5: multiple vulnerabilities).

Red Hat has updated flash-plugin (RHEL5&6: multiple vulnerabilities).

SUSE has updated kernel (SLERTE11SP3: multiple vulnerabilities, some from 2012 and 2013) and xorg-x11-server (SLE11SP3: multiple vulnerabilities).

Ubuntu has updated coreutils (14.04, 12.04, 10.04: two vulnerabilities, one from 2009), curl (HTTP request injection), firefox (14.10, 14.04, 12.04: multiple vulnerabilities), gparted (12.04: code execution), GTK+ (14.04: lock screen bypass), unzip (three code execution flaws), and ubufox (14.10, 14.04, 12.04: multiple vulnerabilities).