Category Archives: Mandriva

Mandriva Security Advisory

[ MDVA-2015:003 ] apache

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Advisory                                   MDVA-2015:003
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : apache
 Date    : March 31, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 A regression was found with the MDVSA-2015:093 advisory that made
 the apache server fail to start due to faulty linking. This problem
 has now been fixed.
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 2/X86_64:
 fe55c0cfb54d308b28dae54059dcc709  mbs2/x86_64/apache-2.4.12-1.1.mbs2.x86_64.rpm
 cb2775508764706eaf392229fac3ca2b  mbs2/x86_64/apache-devel-2.4.12-1.1.mbs2.x86_64.rpm
 30b6d128d794f785563590a1a3979483  mbs2/x86_64/apache-doc-2.4.12-1.1.mbs2.noarch.r

[ MDVSA-2015:186 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:186
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : phpmyadmin
 Date    : March 31, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in phpmyadmin:
 
 libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9,
 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid
 language values in unknown-language error responses that contain
 a CSRF token and may be sent with HTTP compression, which makes it
 easier for remote attackers to conduct a BREACH attack and determine
 this token via a series of crafted requests (CVE-2015-2206).
 
 This upgrade provides the latest phpmyadmin version (4.2.13.2

[ MDVSA-2015:185 ] dokuwiki

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:185
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : dokuwiki
 Date    : March 31, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated dokuwiki packages fix security vulnerabilities:
 
 inc/template.php in DokuWiki before 2014-05-05a only checks for
 access to the root namespace, which allows remote attackers to access
 arbitrary images via a media file details ajax call (CVE-2014-8761).
 
 The ajax_mediadiff function in DokuWiki before 2014-05-05a allows
 remote attackers to access arbitrary images via a crafted namespace
 in the ns parameter (CVE-2014-8762).
 
 DokuWiki before 2014-05-05b, when using Active Directory for LDAP
 authentication, allows r

MDVSA-2015:145-1: libxfont

Updated libxfont packages fix security vulnerabilities:

Ilja van Sprundel discovered that libXfont incorrectly handled font
metadata file parsing. A local attacker could use this issue to cause
libXfont to crash, or possibly execute arbitrary code in order to
gain privileges (CVE-2014-0209).

Ilja van Sprundel discovered that libXfont incorrectly handled X Font
Server replies. A malicious font server could return specially-crafted
data that could cause libXfont to crash, or possibly execute arbitrary
code (CVE-2014-0210, CVE-2014-0211).

The bdf parser reads a count for the number of properties defined
in a font from the font file, and allocates arrays with entries for
each property based on that count. It never checked to see if that
count was negative, or large enough to overflow when multiplied by
the size of the structures being allocated, and could thus allocate
the wrong buffer size, leading to out of bounds writes (CVE-2015-1802).

If the bdf parser failed to parse the data for the bitmap for any
character, it would proceed with an invalid pointer to the bitmap
data and later crash when trying to read the bitmap from that pointer
(CVE-2015-1803).

The bdf parser read metrics values as 32-bit integers, but stored them
into 16-bit integers. Overflows could occur in various operations
leading to out-of-bounds memory access (CVE-2015-1804).

Update:

Packages for Mandriva Business Server 1 are now being provided.

MDVSA-2015:182: tcpdump

Updated tcpdump package fixes security vulnerabilities:

Several vulnerabilities have been discovered in tcpdump. These
vulnerabilities might result in denial of service (application
crash) or, potentially, execution of arbitrary code (CVE-2015-0261,
CVE-2015-2153, CVE-2015-2154, CVE-2015-2155).

MDVSA-2015:183: wireshark

Updated wireshark package fixes security vulnerabilities:

The WCP dissector could crash (CVE-2015-2188).

The pcapng file parser could crash (CVE-2015-2189).

The TNEF dissector could go into an infinite loop (CVE-2015-2191).

MDVSA-2015:147-1: libtiff

Updated libtiff packages fix security vulnerabilities:

The libtiff image decoder library contains several issues that
could cause the decoder to crash when reading crafted TIFF images
(CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130,
CVE-2014-9655, CVE-2015-1547).

Update:

Packages for Mandriva Business Server 1 are now being provided.

MDVSA-2015:029-1: binutils

Multiple vulnerabilities have been found and corrected in binutils:

Multiple integer overflows in the (1) _objalloc_alloc function in
objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU
libiberty, as used by binutils 2.22, allow remote attackers to cause
a denial of service (crash) via vectors related to the addition of
CHUNK_HEADER_SIZE to the length, which triggers a heap-based buffer
overflow (CVE-2012-3509).

The srec_scan function in bfd/srec.c in libbfd in GNU binutils
before 2.25 allows remote attackers to cause a denial of service
(out-of-bounds read) via a small S-record (CVE-2014-8484).

The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24
and earlier allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via crafted section group
headers in an ELF file (CVE-2014-8485).

The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU binutils
2.24 and earlier allows remote attackers to cause a denial of service
(out-of-bounds write) and possibly have other unspecified impact via a
crafted NumberOfRvaAndSizes field in the AOUT header in a PE executable
(CVE-2014-8501).

Heap-based buffer overflow in the pe_print_edata function in
bfd/peXXigen.c in GNU binutils 2.24 and earlier allows remote
attackers to cause a denial of service (crash) and possibly have
other unspecified impact via a truncated export table in a PE file
(CVE-2014-8502).

Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c
in GNU binutils 2.24 and earlier allows remote attackers to cause a
denial of service (crash) and possibly have other unspecified impact
via a crafted ihex file (CVE-2014-8503).

Stack-based buffer overflow in the srec_scan function in bfd/srec.c
in GNU binutils 2.24 and earlier allows remote attackers to cause a
denial of service (crash) and possibly have other unspecified impact
via a crafted file (CVE-2014-8504).

Multiple directory traversal vulnerabilities in GNU binutils 2.24 and
earlier allow local users to delete arbitrary files via a .. (dot dot)
or full path name in an archive passed to (1) strip or (2) objcopy, or
to create arbitrary files via (3) a .. (dot dot) or full path name in
an archive passed to ar (CVE-2014-8737).

The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU
binutils 2.24 and earlier allows remote attackers to cause a denial of
service (invalid write, segmentation fault, and crash) via a crafted
extended name table in an archive (CVE-2014-8738).

The updated packages provide a solution for these security issues.

Update:

Packages for Mandriva Business Server 2 are now being provided.

MDVSA-2015:180: apache-mod_wsgi

Updated apache-mod_wsgi package fixes security vulnerabilities:

apache-mod_wsgi before 4.2.4 contained an off-by-one error in
applying a limit to the number of supplementary groups allowed for
a daemon process group. The result could be that if more groups
than the operating system allowed were specified to the option
supplementary-groups, then memory corruption or a process crash
could occur.

It was discovered that mod_wsgi incorrectly handled errors when
setting up the working directory and group access rights. A malicious
application could possibly use this issue to cause a local privilege
escalation when using daemon mode (CVE-2014-8583).

MDVSA-2015:181: drupal

Updated drupal packages fix security vulnerabilities:

An information disclosure vulnerability was discovered in Drupal
before 7.27. When pages are cached for anonymous users, form state
may leak between anonymous users. Sensitive or private information
recorded for one anonymous user could thus be disclosed to other
users interacting with the same form at the same time (CVE-2014-2983).

Multiple security issues in Drupal before 7.29, including a denial
of service issue, an access bypass issue in the File module, and
multiple cross-site scripting issues (CVE-2014-5019, CVE-2014-5020,
CVE-2014-5021, CVE-2014-5022).

A denial of service issue exists in Drupal before 7.31, due to XML
entity expansion in a publicly accessible XML-RPC endpoint.

An SQL Injection issue exists in Drupal before 7.32 due to the way
the Drupal core handles prepared statements. A malicious user can
inject arbitrary SQL queries, and thereby completely control the
Drupal site. This vulnerability can be exploited by remote attackers
without any kind of authentication required (CVE-2014-3704).

Aaron Averill discovered that a specially crafted request can give a
user access to another user’s session, allowing an attacker to hijack
a random session (CVE-2014-9015).

Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered
that the password hashing API allows an attacker to send specially
crafted requests resulting in CPU and memory exhaustion. This may lead
to the site becoming unavailable or unresponsive (denial of service)
(CVE-2014-9016).

Password reset URLs can be forged under certain circumstances, allowing
an attacker to gain access to another user’s account without knowing
the account’s password (CVE-2015-2559).

Under certain circumstances, malicious users can construct a URL
that will trick users into being redirected to a 3rd party website,
thereby exposing the users to potential social engineering attacks. In
addition, several URL-related API functions in Drupal 6 and 7 can be
tricked into passing through external URLs when not intending to,
potentially leading to additional open redirect vulnerabilities
(CVE-2015-2749, CVE-2015-2750).

The drupal package has been updated to version 7.35 to fix these
issues and other bugs. See the upstream advisory and release notes
for more details.