Mageia has updated ruby-eventmachine (denial of service).
openSUSE has updated bsdiff (Leap42.1, 13.2: denial of service), Chromium (Leap42.1, 13.2; SPH for SLE12: multiple vulnerabilities), java-1_8_0-openjdk (13.2: multiple vulnerabilities), libvirt (Leap42.1: authentication bypass), redis (Leap42.1, 13.2; SPH for SLE12: information leak), and wireshark (Leap42.1, 13.2: multiple vulnerabilities).
The Let's Encrypt project, which provides a free SSL/TLS certificate authority (CA), has announced that Mozilla has accepted the project's root key into the Mozilla root program and will be trusted by default as of Firefox 50. This is a step forward from Let's Encrypt's earlier status. "In order to start issuing widely trusted certificates as soon as possible, we partnered with another CA, IdenTrust, which has a number of existing trusted roots. As part of that partnership, an IdenTrust root 'vouches for' the certificates that we issue, thus making our certificates trusted. We’re incredibly grateful to IdenTrust for helping us to start carrying out our mission as soon as possible. However, our plan has always been to operate as an independently trusted CA. Having our root trusted directly by the Mozilla root program represents significant progress towards that independence." The project has also applied for inclusion the CA trust roots maintained by Apple, Microsoft, Google, Oracle, and Blackberry. News on those programs is still pending.
Debian has updated openjdk-7 (multiple vulnerabilities).
Fedora has updated collectd (F23; F24: code execution), dietlibc (F23; F24: insecure default PATH), perl (F24: privilege escalation), perl-DBD-MySQL (F24: code execution), and python-autobahn (F24: insecure origin validation).
openSUSE has updated MozillaFirefox, mozilla-nss (13.2, Leap 42.1: multiple vulnerabilities).
Scientific Linux has updated squid (SL6: code execution).
SUSE has updated kernel (SLE12-LP: multiple vulnerabilities).
Ubuntu has updated firefox (12.04, 14.04, 16.04: multiple vulnerabilities), libreoffice (12.04: code execution), oxide-qt (14.04, 16.04: multiple vulnerabilities), and qemu, qemu-kvm (12.04, 14.04, 16.04: multiple vulnerabilities).
Red Hat has updated squid (RHEL6: code execution).
Scientific Linux has updated firefox (multiple vulnerabilities), golang (SL7: denial of service), kernel (SL7: three vulnerabilities, one from 2015), and libtiff (SL7: multiple vulnerabilities, including some from 2014 and 2015).
SUSE has updated hawk2 (SLE12: clickjacking prevention).