Security advisories for Wednesday

Arch Linux has updated firefox (multiple vulnerabilities), linux-zen (denial of service), python-html5lib (cross-site scripting), and python2-html5lib (cross-site scripting).

Debian has updated apt (code execution) and firefox-esr (multiple vulnerabilities).

Debian-LTS has updated chrony (packet modification).

Fedora has updated lxc (F25; F24; F23: directory traversal) and roundcubemail (F24; F23: code execution).

openSUSE has updated gc (Leap42.2, 42.1: code execution), gstreamer-0_10-plugins-bad (Leap42.1, 13.2: code execution), kernel (13.1: privilege escalation), tomcat (Leap42.2; Leap42.1: multiple vulnerabilities), w3m (Leap42.2, 42.1: multiple vulnerabilities), and xen (Leap42.2: multiple vulnerabilities).

Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities) and flash-plugin (RHEL6: multiple vulnerabilities).

Slackware has updated firefox (multiple vulnerabilities).

SUSE has updated flash-player (SLE12-SP1: multiple vulnerabilities) and kernel (SLE12-SP2: privilege escalation).

Ubuntu has updated apt (16.10, 16.04, 14.04: code execution) and firefox (multiple vulnerabilities).