Thursday's security updates

Arch Linux has updated curl (multiple vulnerabilities), lib32-curl (multiple vulnerabilities), lib32-libcurl-compat (multiple vulnerabilities), lib32-libcurl-gnutls (multiple vulnerabilities), libcurl-compat (multiple vulnerabilities), libcurl-gnutls (multiple vulnerabilities), tar (file overwrite), and tomcat6 (redirect HTTP traffic).

CentOS has updated bind (C6; C5: denialof service) and bind97 (C5: denial of service).

Debian-LTS has updated bind9 (denial of service), bsdiff (denial of service), qemu (multiple vulnerabilities), spip (multiple vulnerabilities), and xen (information leak/corruption).

Mageia has updated openjpeg2 (multiple vulnerabilities).

openSUSE has updated bash (13.2:code execution), ghostscript (Leap42.1:insufficient parameter check), libxml2(Leap42.1: code execution), and openslp(Leap42.1: two vulnerabilities).

Oracle has updated bind (OL6; OL5:denial of service) and bind97 (OL5: denial of service).

Red Hat has updated 389-ds-base(RHEL7: three vulnerabilities), bind (RHEL7; RHEL5,6: denial of service), bind97 (RHEL5: denial of service), curl (RHEL7: three vulnerabilities), dhcp (RHEL7: denial of service), firewalld (RHEL7: authentication bypass), fontconfig (RHEL7: privilege escalation), gimp (RHEL7: use-after-free), glibc (RHEL7: three vulnerabilities), kernel (RHEL7: multiple vulnerabilities), kernel-rt (RHEL7: multiple vulnerabilities),krb5 (RHEL7: two vulnerabilities), libguestfs and virt-p2v (RHEL7: informationleak), libreoffice (RHEL7: code execution),libreswan (RHEL7: denial of service), libvirt (RHEL7: three vulnerabilities), mariadb (RHEL7: multiple vulnerabilities), mod_nss (RHEL7: invalid handling of +CIPHERoperator), nettle (RHEL7: multiplevulnerabilities), NetworkManager (RHEL7:information leak), ntp (RHEL7: multiplevulnerabilities), openssh (RHEL7: privilegeescalation), pacemaker (RHEL7: denial ofservice), pacemaker (RHEL7: privilegeescalation), pcs (RHEL7: twovulnerabilities), php (RHEL7: multiplevulnerabilities), poppler (RHEL7: codeexecution), postgresql (RHEL7: twovulnerabilities), powerpc-utils-python(RHEL7: code execution), python (RHEL7:code execution), qemu-kvm (RHEL7: twovulnerabilities), resteasy-base (RHEL7:code execution), squid (RHEL7: multipledenial of service flaws), subscription-manager (RHEL7: informationdisclosure), sudo (RHEL7: informationdisclosure), systemd (RHEL7: denial ofservice), tomcat (RHEL7: multiplevulnerabilities), util-linux (RHEL7: denialof service), and wget (RHEL7: code execution).

SUSE has updated bind (SLES-Pi-12-SP2; SOSC5, SMP2.1, SM2.1, SLE11-SP2,3,4: denial ofservice) and curl (SLE11-SP4: multiple vulnerabilities).

Ubuntu has updated memcached(code execution), nvidia-graphics-drivers-367 (16.04, 14.04,12.04: privilege escalation), and openjdk-8(16.10, 16.04: multiple vulnerabilities).