Ubuntu Security Notice 3245-1 – Hanno Boeck discovered that GStreamer Good Plugins did not correctly handle certain malformed media files. If a user were tricked into opening a crafted media file with a GStreamer application, an attacker could cause a denial of service via application crash.

Debian Linux Security Advisory 3823-1 – Ilja Van Sprundel discovered that the dmcrypt-get-device helper used to check if a given device is an encrypted device handled by devmapper, and used in eject, does not check return values from setuid() and setgid() when dropping privileges.

Ubuntu Security Notice 3247-1 – St=E9phane Graber discovered that AppArmor incorrectly unloaded some profiles when restarted or upgraded, contrary to expected behavior.

Ubuntu Security Notice 3244-1 – Hanno Boeck discovered that GStreamer Base Plugins did not correctly handle certain malformed media files. If a user were tricked into opening a crafted media file with a GStreamer application, an attacker could cause a denial of service via application crash.

Ubuntu Security Notice 3246-1 – Ilja Van Sprundel discovered that dmcrypt-get-device incorrectly checked setuid and setgid return values. A local attacker could use this issue to execute code as an administrator.

Gentoo Linux Security Advisory 201703-4 – A coding error has been found in cURL, causing the TLS Certificate Status Request extension check to always return true. Versions less than 7.53.0 are affected.