Red Hat has updated Kibana (RHOS3: two vulnerabilities).
Scientific Linux has updated thunderbird (multiple vulnerabilities).
SUSE has updated java-1_7_1-ibm (SLE11: three unspecified vulnerabilities).
At GUADEC 2016 in Karlsruhe, Germany, Jonathan Blandford challenged the GNOME project to rethink how its desktop software uses network access. The GNOME desktop assumes Internet connectivity is always available, which has the side effect of making the software stack considerably less useful and, indeed, usable to people who live in those places regarded as the developing world.
Debian has updated charybdis (incorrect SASL authentication).
Debian-LTS has updated libtomcrypt (signature forgery).
SUSE has updated Chromium (SPH for SLE12: multiple vulnerabilities).
Arch Linux has updated thunderbird (code execution).
Fedora has updated ca-certificates (F23: certificate update), ganglia (F24; F23: cross-site scripting), glibc (F23: denial of service), kernel (F24; F23: two vulnerabilities), lcms2 (F23: heap memory leak), and phpMyAdmin (F24: multiple vulnerabilities).
Scientific Linux has updated ipa (SL6,7: denial of service).
SUSE has updated kernel (SOSC5, SMP2.1, SM2.1, SLE11-SP3: multiple vulnerabilities).
The Z-Wave wireless home-automation protocol has been released to the public. In years past, the specification was only available to purchasers of the Z-Wave Alliance's development kit, forcing open-source implementations to reverse-engineer the protocol. The official press release notes that there are several such projects, including OpenZWave; Z-Wave support is also vital to higher-level Internet-of-Things abstraction systems like AllJoyn.
Debian has updated libidn (multiple vulnerabilities).
Debian-LTS has updated mailman (password disclosure).
Fedora has updated canl-c (F24; F23: proxy manipulation), krb5 (F23: denial of service), libksba (F24: denial of service), openvpn (F23: information disclosure), tomcat (F24; F23: denial of service), and webkitgtk4 (F23: multiple vulnerabilities).
openSUSE has updated karchive (SLE12: command execution).
Also of interest is this note on how the handling of CVE-2016-1513 went.
Debian-LTS has updated cacti (authentication bypass).
Red Hat has updated ipa (RHEL 6,7: denial of service).
Slackware has updated mozilla thunderbird (14.1, 14.2: unspecified vulnerabilities).