Ubuntu Security Notice 2531-1 – Matthew Daley discovered that Requests incorrectly handled cookies without host values when being redirected. A remote attacker could possibly use this issue to perform session fixation or cookie stealing attacks.

Ubuntu Security Notice 2532-1 – It was discovered that cups-browsed incorrectly filtered remote printer names and strings. A remote attacker could use this issue to possibly execute arbitrary commands.

Debian Linux Security Advisory 3191-1 – Multiple vulnerabilities have been discovered in GnuTLS, a library implementing the TLS and SSL protocols.

Mandriva Linux Security Advisory 2015-061 – Sibiao Luo discovered that QEMU incorrectly handled device hot-unplugging. A local user could possibly use this flaw to cause a denial of service. Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3 devices. A local guest could possibly use this issue to cause a denial of service, or possibly execute arbitrary code on the host. Multiple integer overflow, input validation, logic error, and buffer overflow flaws were discovered in various QEMU block drivers. An attacker able to modify a disk image file loaded by a guest could use these flaws to crash the guest, or corrupt QEMU process memory on the host, potentially resulting in arbitrary code execution on the host with the privileges of the QEMU process. Various other issues have also been addressed.

Ubuntu Security Notice 2533-1 – Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly handled the TZ environment variable. An attacker with Sudo access could possibly use this issue to open arbitrary files, bypassing intended permissions.

Debian Linux Security Advisory 3187-1 – Several vulnerabilities were discovered in the International Components for Unicode (ICU) library.

Debian Linux Security Advisory 3188-1 – Mateusz Jurczyk discovered multiple vulnerabilities in Freetype. Opening malformed fonts may result in denial of service or the execution of arbitrary code.

Debian Linux Security Advisory 3190-1 – Patrick Coleman discovered that the Putty SSH client failed to wipe out unused sensitive memory.

Debian Linux Security Advisory 3189-1 – Several security issues have been corrected in multiple demuxers and decoders of the libav multimedia library.

Gentoo Linux Security Advisory 201503-7 – An out-of-bounds error in hivex may result in execution of arbitrary code or Denial of Service. Versions less than 1.3.11 are affected.