Thursday's security updates

CentOS has updated gstreamer-plugins-bad-free (C6: two code execution flaws), gstreamer-plugins-good (C6: multiple vulnerabilities), thunderbird (C7; C6: multiple vulnerabilities), and vim (C7; C6: code execution).

Debian-LTS has updated imagemagick (multiple vulnerabilities) and libgd2 (code execution).

Fedora has updated dovecot (F24: denial of service), msgpuck (F25; F24: two denial of service flaws), and tarantool (F25; F24: two denial of service flaws).

openSUSE has updated gd (13.2: code execution), GraphicsMagick (two vulnerabilities), ImageMagick (13.2: multiple vulnerabilities), mcabber (42.2: information disclosure from 2015), php5 (13.2: three vulnerabilities), qemu (42.2: multiple vulnerabilities), and shellinabox (HTTP fallback from 2015).

Oracle has updated gstreamer-plugins-bad-free (OL6: two code execution flaws), gstreamer-plugins-good (OL6: multiple vulnerabilities), kernel 2.6.39 (OL6; OL5: two vulnerabilities), kernel 3.8.13 (OL7; OL6: two vulnerabilities), kernel 4.1.12 OL7; OL6: code execution), and thunderbird (OL7; OL6: multiple vulnerabilities).

Red Hat has updated openstack-cinder/glance/nova (RHOSP8.0: denial of service from 2015).

SUSE has updated firefox (SLE12; SLE11SP4&3; SLE11SP2: multiple vulnerabilities), kernel (SLE12: two vulnerabilities), and xen (SLE12; SLE12SP2; SLE12SP1; SLE11SP4: three vulnerabilities).