Post Syndicated from ris original http://lwn.net/Articles/693573/rss
Arch Linux has updated libarchive (code execution), libreoffice-fresh (code execution), and xerces-c (denial of service).
Debian-LTS has updated sqlite3 (information leak).
Fedora has updated mingw-xerces-c (F23; F22:
three vulnerabilities) and xerces-c (F23; F22: two vulnerabilities).
Mageia has updated gimp (use-after-free), iperf (denial of service), libarchive (multiple vulnerabilities), libgd (multiple vulnerabilities), libtorrent-rasterbar (denial of service), php (multiple vulnerabilities), phpmyadmin (multiple vulnerabilities), pidgin (multiple vulnerabilities), squidguard (cross-site scripting), and xerces-c (denial of service).
openSUSE has updated cronic
(Leap42.1, 13.2: predictable temporary files), libircclient (Leap42.1; 13.2: insecure cipher suites), and xerces-c (13.2: code execution).
SUSE has updated xen (SLE11-SP3:
multiple vulnerabilities – some from 2013).
Ubuntu has updated gimp (15.10,
14.04, 12.04: use-after-free), libimobiledevice (16.04, 15.10, 14.04: sockets
listening on INADDR_ANY), libusbmuxd
(16.04, 15.10: sockets listening on INADDR_ANY), and tomcat6, tomcat7 (multiple vulnerabilities).