Security updates for Monday Arch Linux has updated ecryptfs-utils (privilege escalation), linux-lts (privilege escalation), privoxy (two denial of service flaws), python-rsa (signature forgery), and python2-rsa (signature forgery).
CentOS has updated ntp (C7; C6: missing check for zero originate timestamp).
Debian has updated claws-mail (code execution).
Debian-LTS has updated foomatic-filters (buffer overflows), imlib2 (denial of service), pound (multiple vulnerabilities, one from 2009), and privoxy (two denial of service flaws).
Fedora has updated bind (F23: two
denial of service flaws), bind99 (F23:
denial of service), chrony (F23: packet
modification), dhcp (F22: denial of
service), java-1.8.0-openjdk (F23:
unspecified), mod_nss (F22: enables
insecure ciphersuites), owncloud (F23; F22:
multiple vulnerabilities), python-rsa (F22:
signature forgery), and qemu (F23: multiple vulnerabilities).
Mageia has updated virtualbox (unspecified vulnerabilities).
openSUSE has updated bind (13.1:
denial of service), cgit (13.1: three
vulnerabilities), giflib (13.1: heap-based
buffer overflow), jasper (13.2; 13.1: denial of service), libvirt (Leap42.1, 13.2; 13.1: path traversal), openldap2 (13.2: two vulnerabilities), roundcubemail (Leap42.1; 13.2; 13.1: code execution), and tiff (13.2; 13.1: denial of service).
Oracle has updated ntp (OL7: missing check for zero originate timestamp).
Red Hat has updated ntp (RHEL6,7:
missing check for zero originate timestamp).
Scientific Linux has updated ntp
(SL6,7: missing check for zero originate timestamp).
SUSE has updated bind
(SLES10-SP4: four denial of service vulnerabilities), openldap2 (SLE12-SP1: two vulnerabilities),
and kernel (SLE12: privilege escalation).