Multiple security vulnerabilities have been discovered in the Tomcat
servlet and JSP engine, which may result in information disclosure, the
bypass of CSRF protections, bypass of the SecurityManager or denial of
service.
Debian Security Advisories
DSA-3610 xerces-c – security update
Brandon Perry discovered that xerces-c, a validating XML parser library
for C++, fails to successfully parse a DTD that is deeply nested,
causing a stack overflow. A remote unauthenticated attacker can take
advantage of this flaw to cause a denial of service against applications
using the xerces-c library.
DSA-3607 linux – security update
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
DSA-3606 libpdfbox-java – security update
It was discovered that pdfbox, a PDF library for Java, was susceptible
to XML External Entity attacks.
DSA-3605 libxslt – security update
Several vulnerabilities were discovered in libxslt, an XSLT processing
runtime library, which could lead to information disclosure or
denial-of-service (application crash) against an application using the
libxslt library.
DSA-3604 drupal7 – security update
A privilege escalation vulnerability has been found in the User module
of the Drupal content management framework. For additional information,
please refer to the upstream advisory at
https://www.drupal.org/SA-CORE-2016-002.
DSA-3602 php5 – security update
Several vulnerabilities were found in PHP, a general-purpose scripting
language commonly used for web application development.
DSA-3603 libav – security update
Several security issues have been corrected in multiple demuxers and
decoders of the libav multimedia library. A full list of the changes is
available at
https://git.libav.org/?p=libav.git;a=blob;f=Changelog;hb=refs/tags/v11.7
DSA-3601 icedove – security update
Multiple security issues have been found in Icedove, Debian’s version of
the Mozilla Thunderbird mail client: Multiple memory safety errors may
lead to the execution of arbitrary code or denial of service.
DSA-3599 p7zip – security update
Marcin 'Icewall' Noga of Cisco Talos discovered an out-of-bounds read
vulnerability in the CInArchive::ReadFileItem method in p7zip, a 7zr
file archiver with high compression ratio. A remote attacker can take
advantage of this flaw to cause a denial of service or, potentially, the
execution of arbitrary code with the privileges of the user running
p7zip, if a specially crafted UDF file is processed.