Security updates for Friday

Arch Linux has updated firefox (two vulnerabilities) and thunderbird (code execution).

CentOS has updated thunderbird (C6; C5: code execution).

Debian-LTS has updated firefox-esr (multiple vulnerabilities), imagemagick (multiple vulnerabilities, many from 2014 and 2015), monit (cross-site request forgery), tomcat6 (multiple vulnerabilities), and tomcat7 (multiple vulnerabilities).

Fedora has updated calamares (F25; F24: encryption bypass), jenkins (F25: code execution), jenkins-remoting (F25: code execution), moin (F25; F24; F23: cross-site scripting flaws), mujs (F23: multiple vulnerabilities), and zathura-pdf-mupdf (F23: multiple vulnerabilities).

Gentoo has updated davfs2 (privilege escalation from 2013) and gnupg (flawed random number generation).

openSUSE has updated libtcnative-1-0 (42.2, 42.1: SSL improvements) and pacemaker (42.2: two vulnerabilities).

Oracle has updated firefox (OL7; OL6; OL5: code execution).

Red Hat has updated firefox (code execution).

SUSE has updated kernel (SLE11: multiple vulnerabilities, some from 2013 and 2015) and ImageMagick (SLE11: multiple vulnerabilities, some from 2014 and 2015).

Ubuntu has updated ghostscript (multiple vulnerabilities, one from 2013) and oxide-qt (16.10, 16.04, 14.04: multiple vulnerabilities).