Elefant CMS version 1.3.12-RC suffers from multiple cross site request forgery vulnerabilities.

Simplessus Files version 3.7.7 suffers from a path traversal vulnerability.

Ubuntu Security Notice 3201-1 – It was discovered that Bind incorrectly handled rewriting certain query responses when using both DNS64 and RPZ. A remote attacker could possibly use this issue to cause Bind to crash, resulting in a denial of service.

Ubuntu Security Notice 3199-1 – It was discovered that the ALGnew function in block_templace.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. A remote attacker could use this flaw to execute arbitrary code by using a crafted initialization vector parameter.

Debian Linux Security Advisory 3790-1 – Several vulnerabilities were discovered in spice, a SPICE protocol client and server library.

Gentoo Linux Security Advisory 201702-9 – Multiple vulnerabilities have been found in ImageMagick, the worst of which allows remote attackers to execute arbitrary code. Versions less than 6.9.7.4 are affected.

Ubuntu Security Notice 3199-2 – USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This update retains the fix for the vulnerability but issues a warning rather than throwing an exception. Code which produces this warning should be updated because future versions of the Python Cryptography Toolkit re-introduce the exception. Various other issues were also addressed.

Ubuntu Security Notice 3200-1 – A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.