Gentoo Linux Security Advisory 201611-22 – Multiple vulnerabilities have been found in PHP, the worst of which could lead to arbitrary code execution or cause a Denial of Service condition. Versions less than 5.6.28 are affected.

Ubuntu Security Notice 3140-1 – It was discovered that data: URLs can inherit the wrong origin after a HTTP redirect in some circumstances. An attacker could potentially exploit this to bypass same-origin restrictions. A use-after-free was discovered in SVG animations. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to cause a denial of service via application crash, or execute arbitrary code. Various other issues were also addressed.

Ubuntu Security Notice 3141-1 – Christian Holler, Jon Coppeard, Olli Pettay, Ehsan Akhgari, Gary Kwong, Tooru Fujisawa, and Randell Jesup discovered multiple memory safety issues in Thunderbird. If a user were tricked in to opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code. A same-origin policy bypass was discovered with local HTML files in some circumstances. An attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.

HP Security Bulletin HPSBGN03680 1 – Potential security vulnerabilities were identified in HPE Propel. The vulnerabilities could be exploited locally to allow escalation of privilege or Denial of Service (DoS). Revision 1 of this advisory.

HP Security Bulletin HPSBUX03665 3 – Potential security vulnerabilities have been identified in the HP-UX Tomcat-based Servlet Engine. These vulnerabilities could be exploited remotely to create a Denial of Service (DoS) or URL Redirection. Revision 3 of this advisory.

Gentoo Linux Security Advisory 201611-21 – Multiple vulnerabilities have been found in ImageMagick, the worst of which allows remote attackers to execute arbitrary code. Versions less than 6.9.6.2 are affected.