Debian has updated curl (three vulnerabilities).
Red Hat has updated firefox (RHEL5,6,7: multiple vulnerabilities), golang (RHEL7: denial of service), kernel (RHEL7: three vulnerabilities), kernel-rt (RHEMRG2.5; RHEL7: two vulnerabilities), libtiff (RHEL7; RHEL6: multiple vulnerabilities), and ntp (RHEL6.7: multiple vulnerabilities).
Scientific Linux has updated libtiff (SL6: multiple vulnerabilities).
Ubuntu has updated php5, php7.0 (multiple vulnerabilities).
See also: this post from Michael Meeks on the last year of LibreOffice development.
Arch Linux has updated openssh (user enumeration via timing side-channel).
Fedora has updated dropbear (F23: multiple vulnerabilities), krb5 (F24: denial of service), p7zip (F23: two code execution flaws), php-doctrine-common (F24; F23: privilege escalation), and wireshark (F24: multiple vulnerabilities).
The US Federal Communications Commission (FCC) has announced a settlement with network-hardware manufacturer TP-Link, covering both the company's non-compliance with FCC transmission-power regulations and the company's plan to lock out third-party firmware—including open-source firmware projects like OpenWrt. "While manufacturers of Wi-Fi routers must ensure reasonable safeguards to protect radio parameters, users are otherwise free to customize their routers and we support TP-Link’s commitment to work with the open-source community and Wi-Fi chipset manufacturers to enable third-party firmware on TP-Link routers." Under the settlement agreement, TP-Link will pay a $200,000 fine for shipping WiFi routers that could be configured to run above the permitted power limits, but it will also have to cooperate with open-source firmware projects to make sure they remain installable. TP-Link had moved to block user-installed firmware in March as its first attempt to satisfy the FCC's complaint about non-compliant power settings.
Debian-LTS has updated collectd (code execution), icedove (code execution), kde4libs (command execution), libdbd-mysql-perl (code execution), openssh (user enumeration via timing side-channel), qemu (multiple vulnerabilities), qemu-kvm (multiple vulnerabilities), redis (information leak), wordpress (multiple vulnerabilities), xen (multiple vulnerabilities), and xmlrpc-epi (denial of service).
Gentoo has updated bsh (code execution).
openSUSE has updated Chromium (13.1: multiple vulnerabilities), dropbear (13.1: multiple vulnerabilities), libidn (13.2: multiple vulnerabilities), mupdf (Leap42.1, 13.2: denial of service), php5 (Leap42.1: multiple vulnerabilities), polarssl (13.2: code execution), and sqlite3 (13.2: information leak).
SUSE has updated ntp (SLES10-SP4: many vulnerabilities).