-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:086
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libssh
 Date    : March 28, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated libssh packages fix security vulnerabilities:
 
 When using libssh before 0.6.3, a libssh-based server, when accepting
 a new connection, forks and the child process handles the request. The
 RAND_bytes() function of openssl doesn't reset its state after the
 fork, but simply adds the current process id (getpid) to the PRNG
 state, which is not guaranteed to be unique. The most important
 consequence is that servers using EC (ECDSA) or DSA certificates may
 under certain conditions leak their private key (CVE-2014-001