Every month like clockwork now, Google is going to be posting security updates for their Nexus devices to keep things up to date and as safe as possible, following their announcement earlier on in the year that they would be pushing out updates every month to patch known security issues. For the month of November it seems Google has just posted up the latest factory images for a bunch of Nexus devices for the most recent security software updates, and those who have any of the compatible devices can hop over to the factory image page to grab the correct downloads.
Note that all of the devices will be listed by name and the most recent links will be at the bottom of the category listing for that particular device on the factory image page, and if you're familiar with the process of flashing a factory image to grab the latest version of software then you can now go ahead and do so to complete the process. If you aren't familiar with how to flash a factory image, you're better off waiting for the over-the-air update to hit your device specifically as you won't have to do anything but pull down the software download from an incoming notification. The good news is that Google states they have also started pushing the OTA updates as of today, so between now and the next week or so users with supported Nexus phones and tablets should start to see those updates coming in.
As for what the security updates fix, the most notable are also the only two which have a severity level of "critical" which is the threat level assessed by Google after the time of reporting and first discovery of the issue. Those are both related to the remote code execution, and are labeled as "Remote Code Execution Vulnerabilities in Mediaserver" and "Remote Code Execution Vulnerabilities in libutils." In addition to putting out the factory images for Nexus devices as well as pushing out the OTA updates, Google mentions that they will posting the source code for these security patches up to the Android Open Source Project repository over the next 48 hours, which is where developers and manufacturers can then take the code from there to work with it and push it to their own respective device lineups.