A pile of security updates for Thursday

Arch Linux has updated
firefox (multiple vulnerabilities),
irssi (code execution), and
tomcat7 (proxy injection).
CentOS has updated
firefox (C5, C6, C7: multiple vulnerabilities).
Debian has updated
wireshark (LTS: dissector vulnerabilities),
irssi (denial of service), and
openssl (multiple vulnerabilities).
Fedora has updated
drupal7-google_analytics (F23, F24: cross-site scripting),
drupal7-panels (F23, F24: multiple vulnerabilities),
jasper (F23: multiple code-execution vulnerabilities),
mod_cluster (F24: "remote exploits"),
nodejs-string-dot-prototype-dot-repeat (F23: "update for security reasons"),
php-horde-Horde-Mime-Viewer (F23, F24: cross-site scripting),
php-horde-Horde-Text-Filter (F23, F24: cross-site scripting), and
xen (F23: multiple vulnerabilities).
Mageia has updated
chromium-browser-stable (29 CVEs),
curl (code execution),
file-roller (file deletion),
flash-player-plugin (26 CVEs),
icu (code execution),
jsch (path traversal vulnerability),
libksba (denial of service),
nodejs (remote code execution),
slock (lock bypass), and
tomcat (traffic redirection).
openSUSE has updated
opera (multiple vulnerabilities).
Oracle has updated
firefox (OL5, OL6, OL7: multiple vulnerabilities).
Scientific Linux has updated
firefox (SL5-7: multiple vulnerabilities).
Slackware has updated
irssi (denial of service),
pidgin (17 CVE numbers), and
firefox (multiple vulnerabilities).
SUSE has updated
java-1_7_1-ibm (SLES12: three CVEs described as "Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment"), and
java-1_6-0-ibm (SLES11: one unspecified vulnerability).
Ubuntu has updated
firefox (multiple vulnerabilities),
gdk-pixbuf (code execution),
irssi (denial of service), and
thunderbird (code execution).
Note that there appear to be differences of opinion as to whether the irssi
vulnerability can be exploited for code execution.