Security updates for Tuesday Debian has updated gimp (use-after-free), kernel (multiple vulnerabilities), libvirt (authentication bypass), tomcat7 (denial of service), and wireshark (multiple vulnerabilities).
Debian-LTS has updated pidgin (multiple vulnerabilities).
Fedora has updated gimp (F24:
use-after-free), kernel (F23: multiple
vulnerabilities), libreoffice (F23: code
execution), mbedtls (F24: three
vulnerabilities), mediawiki (F24; F23: multiple vulnerabilities), mingw-xerces-c (F24: three vulnerabilities),
ntp (F23; F22: multiple vulnerabilities), php (F24; F23; F22: multiple vulnerabilities),
php-pecl-zip (F24; F23; F22: two
vulnerabilities), phpMyAdmin (F23;
F22: multiple vulnerabilities), pypy
(F24; F23:
startTLS stripping attack), pypy3 (F24: two
vulnerabilities), python3 (F23: two
vulnerabilities), qemu (F23; F22: multiple vulnerabilities), setroubleshoot-plugins (F23: command
injection), and xerces-c (F24: two vulnerabilities).
openSUSE has updated gimp
(Leap42.1, 13.2: use-after-free), GraphicsMagick (13.2: multiple
vulnerabilities), kinit (Leap42.1, 13.2: privilege escalation), and spice (Leap42.1; 13.2: two vulnerabilities).
Red Hat has updated nodejs010-node-gyp and nodejs010-nodejs-qs
(RHSCL: denial of service) and openstack-ironic (RHOSP7 for RHEL7; RHOSP8: authentication bypass).
Slackware has updated thunderbird (multiple vulnerabilities).