Wednesday's security updates

CentOS has updated kernel (C5: use after free), thunderbird (C5: multiple vulnerabilities), and xen (C5: privilege escalation).

Debian has updated flightgear (file overwrites), php-ssh2 (problem with previous php update), and python-bottle (CRLF attacks).

Debian-LTS has updated dcmtk (buffer overflows/underflows).

Fedora has updated mapserver (F25; F24: information leak).

openSUSE has updated ceph (42.2: denial of service) and zlib (13.2: multiple vulnerabilities).

Oracle has updated kernel (OL5: use after free), vim (OL7; OL6: code execution), and xen (OL5: privilege escalation).

Red Hat has updated gstreamer-plugins-bad-free (RHEL6: code execution), gstreamer-plugins-good (RHEL6: multiple vulnerabilities), thunderbird (RHEL5,6,7: multiple vulnerabilities), and vim (RHEL6,7: code execution).

Scientific Linux has updated gstreamer-plugins-bad-free (SL6: code execution), gstreamer-plugins-good (SL6: multiple vulnerabilities), thunderbird (SL5,6,7: multiple vulnerabilities), and vim (SL6,7: code execution).

SUSE has updated kernel (SLE11-SP4: two vulnerabilities).

Ubuntu has updated kernel (16.10; 16.04; 14.04; 12.04: multiple vulnerabilities), linux-lts-trusty (12.04: two vulnerabilities), linux-lts-xenial (14.04: multiple vulnerabilities), linux-raspi2 (16.10; 16.04: multiple vulnerabilities), linux-snapdragon (16.04: multiple vulnerabilities), and linux-ti-omap4 (12.04: information leak).

Comments (none posted)