Gentoo Linux Security Advisory 201701-68 – Multiple vulnerabilities have been found in FreeImage, the worst of which may allow execution of arbitrary code. Versions less than 3.15.4-r1 are affected.
Monthly Archives: January 2017
Gentoo Linux Security Advisory 201701-69
Gentoo Linux Security Advisory 201701-69 – A vulnerability in Ark might allow remote attackers to execute arbitrary code. Versions less than 16.08.3-r1 are affected.
Gentoo Linux Security Advisory 201701-70
Gentoo Linux Security Advisory 201701-70 – A vulnerability in Firewalld allows firewall configurations to be modified by unauthenticated users. Versions less than 0.4.3.3 are affected.
Gentoo Linux Security Advisory 201701-71
Gentoo Linux Security Advisory 201701-71 – Multiple vulnerabilities have been found in FFmpeg, the worst of which may allow remote attackers to cause a Denial of Service condition. Versions less than 2.8.10 are affected.
Debian Security Advisory 3772-1
Debian Linux Security Advisory 3772-1 – Tobias Stoeckmann discovered that the libXpm library contained two integer overflow flaws, leading to a heap out-of-bounds write, while parsing XPM extensions in a file. An attacker can provide a specially crafted XPM file that, when processed by an application using the libXpm library, would cause a denial-of-service against the application, or potentially, the execution of arbitrary code with the privileges of the user running the application.
Slackware Security Advisory – mozilla-thunderbird Updates
Slackware Security Advisory – New mozilla-thunderbird packages are available for Slackware 14.1, 14.2, and -current to fix security issues.
Ubuntu Security Notice USN-3175-1
Ubuntu Security Notice 3175-1 – Multiple memory safety issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. JIT code allocation can allow a bypass of ASLR protections in some circumstances. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.
Ubuntu Security Notice USN-3165-1
Ubuntu Security Notice 3165-1 – Multiple memory safety issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. Andrew Krasichkov discovered that event handlers on elements were executed despite a Content Security Policy that disallowed inline JavaScript. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit this to conduct cross-site scripting attacks. Various other issues were also addressed.
Gentoo Linux Security Advisory 201701-66
Gentoo Linux Security Advisory 201701-66 – Multiple vulnerabilities have been found in the Chromium web browser, the worst of which allows remote attackers to execute arbitrary code. Versions less than 56.0.2924.76 are affected.
Gentoo Linux Security Advisory 201701-67
Gentoo Linux Security Advisory 201701-67 – A vulnerability in a2ps’ fixps script might allow remote attackers to execute arbitrary code. Versions less than 4.14-r5 are affected.