[ MDVSA-2015:099 ] python-pillow

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:099
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : python-pillow
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated python-imaging packages fix security vulnerabilities:
 
 Jakub Wilk discovered that temporary files were insecurely created
 (via mktemp()) in the IptcImagePlugin.py, Image.py, JpegImagePlugin.py,
 and EpsImagePlugin.py files of Python Imaging Library. A local attacker
 could use this flaw to perform a symbolic link attack to modify an
 arbitrary file accessible to the user running an application that
 uses the Python Imaging Library (CVE-2014-1932).
 
 Jakub Wilk discovered that temporary files created in the
 Jpeg

[ MDVSA-2015:098 ] curl

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:098
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : curl
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated curl packages fix security vulnerabilities:
 
 Paras Sethia discovered that libcurl would sometimes mix up multiple
 HTTP and HTTPS connections with NTLM authentication to the same server,
 sending requests for one user over the connection authenticated as
 a different user (CVE-2014-0015).
 
 libcurl can in some circumstances re-use the wrong connection when
 asked to do transfers using other protocols than HTTP and FTP, causing
 a transfer that was initiated by an application to wrongfully re-use
 an existing connection to

[ MDVSA-2015:097 ] php-ZendFramework

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:097
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : php-ZendFramework
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated php-ZendFramework packages fix multiple vulnerabilities:
 
 XML eXternal Entity (XXE) and XML Entity Expansion (XEE) flaws were
 discovered in the Zend Framework. An attacker could use these flaws
 to cause a denial of service, access files accessible to the server
 process, or possibly perform other more advanced XML External Entity
 (XXE) attacks (CVE-2014-2681, CVE-2014-2682, CVE-2014-2683).
 
 Using the Consumer component of Zend_OpenId, it is possible to
 log in using an arbitrary OpenID account (without kno

[ MDVSA-2015:096 ] stunnel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:096
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : stunnel
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated stunnel package fixes security vulnerability:
 
 A flaw was found in the way stunnel, a socket wrapper which can provide
 SSL support to ordinary applications, performed (re)initialization of
 PRNG after fork. When accepting a new connection, the server forks and
 the child process handles the request. The RAND_bytes() function of
 openssl doesn't reset its state after the fork, but seeds the PRNG
 with the output of time(NULL). The most important consequence is
 that servers using EC (ECDSA) or DSA certificates may 

[ MDVSA-2015:095 ] openssh

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:095
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : openssh
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated openssh packages fix security vulnerabilities:
 
 sshd in OpenSSH before 6.6 does not properly support wildcards
 on AcceptEnv lines in sshd_config, which allows remote attackers to
 bypass intended environment restrictions by using a substring located
 before a wildcard character (CVE-2014-2532).
 
 Matthew Vernon reported that if an SSH server offers a HostCertificate
 that the ssh client doesn't accept, then the client doesn't check
 the DNS for SSHFP records. As a consequence, a malicious server can
 disable S

[ MDVSA-2015:094 ] nginx

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:094
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : nginx
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated nginx package fixes security vulnerabilities:
 
 A bug in the experimental SPDY implementation in nginx was found,
 which might allow an attacker to cause a heap memory buffer overflow
 in a worker process by using a specially crafted request, potentially
 resulting in arbitrary code execution (CVE-2014-0133).
 
 Antoine Delignat-Lavaud and Karthikeyan Bhargavan discovered that
 it was possible to reuse cached SSL sessions in unrelated contexts,
 allowing virtual host confusion attacks in some configurations by an
 attacker

[ MDVSA-2015:093 ] apache

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:093
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : apache
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated apache packages fix security vulnerabilities:
 
 Apache HTTPD before 2.4.9 was vulnerable to a denial of service in
 mod_dav when handling DAV_WRITE requests (CVE-2013-6438).
 
 Apache HTTPD before 2.4.9 was vulnerable to a denial of service when
 logging cookies (CVE-2014-0098).
 
 A race condition flaw, leading to heap-based buffer overflows,
 was found in the mod_status httpd module. A remote attacker able to
 access a status page served by mod_status on a server using a threaded
 Multi-Processing Module (MPM) could sen

[ MDVSA-2015:092 ] net-snmp

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:092
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : net-snmp
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated net-snmp packages fix security vulnerabilities:
 
 A remotely exploitable denial of service vulnerability in Net-SNMP,
 in the Linux implementation of the ICMP-MIB, makes the SNMP
 agent vulnerable if it is making use of the ICMP-MIB table objects
 (CVE-2014-2284).
 
 A remotely exploitable denial of service vulnerability in Net-SNMP,
 in snmptrapd, is due to how it handles trap requests with an empty
 community string when the perl handler is enabled (CVE-2014-2285).
 
 A remote denial-of-service flaw was found in the way snm

[ MDVSA-2015:091 ] mariadb

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:091
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : mariadb
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 This update provides MariaDB 5.5.42, which fixes several security
 issues and other bugs. Please refer to the Oracle Critical Patch Update
 Advisories and the Release Notes for MariaDB for further information
 regarding the security vulnerabilities.
 
 Additionally, the jemalloc package is being provided, as it was
 previously shipped with the mariadb source code, built and used,
 but has been removed from the mariadb source code since 5.5.40.
 _______________________________________________________________________

 References:

 http://