-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2014:203
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : openssl
Date : October 23, 2014
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities have been discovered and corrected in openssl:
OpenSSL has added support for TLS_FALLBACK_SCSV to allow applications
to block the ability for a MITM attacker to force a protocol
downgrade. Some client applications (such as browsers) will reconnect
using a downgraded protocol to work around interoperability bugs in
older servers. This could be exploited by an active man-in-the-middle
to downgrade connections to SSL 3.0 even if both sides of the
connection support higher protocols. SSL 3.0 contain