LWN.net's Journal
 

Wednesday, December 21st, 2016

    Time Event
    6:08p
    Wednesday's security updates

    CentOS has updated kernel (C5: use after free), thunderbird (C5: multiple vulnerabilities), and xen (C5: privilege escalation).

    Debian has updated flightgear (file overwrites), php-ssh2 (problem with previous php update), and python-bottle (CRLF attacks).

    Debian-LTS has updated dcmtk (buffer overflows/underflows).

    Fedora has updated mapserver (F25; F24: information leak).

    openSUSE has updated ceph (42.2: denial of service) and zlib (13.2: multiple vulnerabilities).

    Oracle has updated kernel (OL5: use after free), vim (OL7; OL6: code execution), and xen (OL5: privilege escalation).

    Red Hat has updated gstreamer-plugins-bad-free (RHEL6: code execution), gstreamer-plugins-good (RHEL6: multiple vulnerabilities), thunderbird (RHEL5,6,7: multiple vulnerabilities), and vim (RHEL6,7: code execution).

    Scientific Linux has updated gstreamer-plugins-bad-free (SL6: code execution), gstreamer-plugins-good (SL6: multiple vulnerabilities), thunderbird (SL5,6,7: multiple vulnerabilities), and vim (SL6,7: code execution).

    SUSE has updated kernel (SLE11-SP4: two vulnerabilities).

    Ubuntu has updated kernel (16.10; 16.04; 14.04; 12.04: multiple vulnerabilities), linux-lts-trusty (12.04: two vulnerabilities), linux-lts-xenial (14.04: multiple vulnerabilities), linux-raspi2 (16.10; 16.04: multiple vulnerabilities), linux-snapdragon (16.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: information leak).

    6:25p
    [$] Using systemd for more secure services in Fedora

    The AF_PACKET local privilege escalation (also known as CVE-2016-8655) has been fixed by most distributions at this point; stable kernels addressing the problem were released on December 10. But, as a discussion on the fedora-devel mailing list shows, systemd now provides options that could help mitigate CVE-2016-8655 and, more importantly, other vulnerabilities that remain undiscovered or have yet to be introduced. The genesis for the discussion was a blog post from Lennart Poettering about the RestrictAddressFamilies directive, but recent systemd versions have other sandboxing features that could be used to head off the next vulnerability.
