A pile of security updates for Thursday
CentOS has updatedfirefox (C5, C6, C7: multiple vulnerabilities).
Debian has updatedwireshark (LTS: dissector vulnerabilities),irssi (denial of service), andopenssl (multiple vulnerabilities).
Fedora has updateddrupal7-google_analytics (F23, F24: cross-site scripting),drupal7-panels (F23, F24: multiple vulnerabilities),jasper (F23: multiple code-executionvulnerabilities),mod_cluster (F24: "remoteexploits"),nodejs-string-dot-prototype-dot-repeat (F23: "update for securityreasons"),php-horde-Horde-Mime-Viewer (F23,F24:cross-site scripting),php-horde-Horde-Text-Filter (F23,F24:cross-site scripting), andxen (F23: multiplevulnerabilities).
Mageia has updatedchromium-browser-stable (29 CVEs),curl (code execution),file-roller (file deletion),flash-player-plugin (26 CVEs),icu (code execution),jsch (path traversal vulnerability),libksba (denial of service),nodejs (remote code execution),slock (lock bypass), andtomcat (traffic redirection).
openSUSE has updatedopera (multiple vulnerabilities).
Oracle has updatedfirefox (OL5, OL6,OL7: multiplevulnerabilities).
Scientific Linux has updatedfirefox (SL5-7: multiple vulnerabilities).
Slackware has updatedirssi (denial of service),pidgin (17 CVE numbers), andfirefox (multiple vulnerabilities).
SUSE has updatedjava-1_7_1-ibm (SLES12: three CVEsdescribed as "Unspecified vulnerability in Oracle Java SE 7u101 and8u92 allows local users to affect confidentiality, integrity, andavailability via vectors related to Deployment"), andjava-1_6-0-ibm (SLES11: oneunspecified vulnerability).
Ubuntu has updatedfirefox (multiple vulnerabilities),gdk-pixbuf (code execution),irssi (denial of service), andthunderbird (code execution).
Note that there appear to be differences of opinion as to whether the irssivulnerability can be exploited for code execution.