-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:087
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : egroupware
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated egroupware packages fix security vulnerabilities:
 
 eGroupware prior to 1.8.006.20140217 is vulnerable to remote file
 deletion and possible remote code execution due to user input being
 passed to PHP's unserialize() method (CVE-2014-2027).
 
 eGroupWare before 1.8.007 allows logged in users with administrative
 priviledges to remotely execute arbitrary commands on the server.
 It is also vulnerable to a cross site request forgery vulnerability
 that allows creating new administrative users.
 ___________________