Friday's security updates

Arch Linux has updated qt5-webengine (multiple vulnerabilities) and tcpdump (multiple vulnerabilities).

CentOS has updated thunderbird (C7; C6; C5: multiple vulnerabilities).

Debian-LTS has updated ntfs-3g(privilege escalation) and svgsalamander(server-side request forgery).

Fedora has updated openldap (F25:unintended cipher usage from 2015), and wavpack (F25: multiple vulnerabilities).

Mageia has updated openafs(information leak) and pdns-recursor(denial of service).

openSUSE has updated java-1_8_0-openjdk (42.2, 42.1: multiple vulnerabilities),mupdf (42.2; 42.1: three vulnerabilities), phpMyAdmin (42.2, 42.1: multiple vulnerabilities, one from 2015),and Wireshark (42.2: two denial of service flaws).

Oracle has updated thunderbird (OL7; OL6: multiple vulnerabilities).

Scientific Linux has updated libtiff (SL7&6: multiple vulnerabilities, one from 2015) and thunderbird (multiple vulnerabilities).

Ubuntu has updated kernel (16.10; 14.04;12.04: multiple vulnerabilities), kernel, linux-raspi2, linux-snapdragon (16.04:two vulnerabilities), linux-lts-trusty(12.04: code execution), linux-lts-xenial(14.04: two vulnerabilities), and tomcat(14.04, 12.04: regression in previous update).