Friday's security updates

Arch Linux has updated qt5-webengine (multiple vulnerabilities) and tcpdump (multiple vulnerabilities).

CentOS has updated thunderbird (C7; C6; C5: multiple vulnerabilities).

Debian-LTS has updated ntfs-3g (privilege escalation) and svgsalamander (server-side request forgery).

Fedora has updated openldap (F25: unintended cipher usage from 2015), and wavpack (F25: multiple vulnerabilities).

Mageia has updated openafs (information leak) and pdns-recursor (denial of service).

openSUSE has updated java-1_8_0-openjdk (42.2, 42.1: multiple vulnerabilities), mupdf (42.2; 42.1: three vulnerabilities), phpMyAdmin (42.2, 42.1: multiple vulnerabilities, one from 2015), and Wireshark (42.2: two denial of service flaws).

Oracle has updated thunderbird (OL7; OL6: multiple vulnerabilities).

Scientific Linux has updated libtiff (SL7&6: multiple vulnerabilities, one from 2015) and thunderbird (multiple vulnerabilities).

Ubuntu has updated kernel (16.10; 14.04; 12.04: multiple vulnerabilities), kernel, linux-raspi2, linux-snapdragon (16.04: two vulnerabilities), linux-lts-trusty (12.04: code execution), linux-lts-xenial (14.04: two vulnerabilities), and tomcat (14.04, 12.04: regression in previous update).