-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:067
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : e2fsprogs
 Date    : March 27, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated e2fsprogs packages fix security vulnerabilities:
 
 The libext2fs library, part of e2fsprogs and utilized by its utilities,
 is affected by a boundary check error on block group descriptor
 information, leading to a heap based buffer overflow. A specially
 crafted filesystem image can be used to trigger the vulnerability
 (CVE-2015-0247).
 
 The libext2fs library, part of e2fsprogs and utilized by its utilities,
 is affected by a boundary check error on block group descriptor
 information, leading to a heap based buffer

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:066
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : cpio
 Date    : March 27, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated cpio package fixes security vulnerability:
 
 In GNU Cpio 2.11, the --no-absolute-filenames option limits
 extracting contents of an archive to be strictly inside a current
 directory. However, it can be bypassed with symlinks. While extracting
 an archive, it will extract symlinks and then follow them if they
 are referenced in further entries. This can be exploited by a rogue
 archive to write files outside the current directory (CVE-2015-1197).
 _______________________________________________________________________

 Ref

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:065
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : cpio
 Date    : March 27, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated cpio package fixes security vulnerabilities:
 
 Heap-based buffer overflow in the process_copy_in function in GNU
 Cpio 2.11 allows remote attackers to cause a denial of service via
 a large block value in a cpio archive (CVE-2014-9112).
 
 Additionally, a null pointer dereference in the copyin_link function
 which could cause a denial of service has also been fixed.
 
 In GNU Cpio 2.11, the --no-absolute-filenames option limits
 extracting contents of an archive to be strictly inside a current
 directory. However, it can be

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:064
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : cabextract
 Date    : March 27, 2015
 Affected: Business Server 1.0, Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated cabextract packages fix security vulnerabilities:
 
 Libmspack, a library to provide compression and decompression of
 some file formats used by Microsoft, is embedded in cabextract. A
 specially crafted cab file can cause cabextract to hang forever. If
 cabextract is exposed to any remotely-controlled user input, this
 issue can cause a denial-of-service (CVE-2014-9556).
 
 A directory traversal issue in cabextract allows writing to locations
 outside of the current working directory, when extract

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:063
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : openssl
 Date    : March 27, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in openssl:
 
 The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before
 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k allows remote SSL
 servers to conduct RSA-to-EXPORT_RSA downgrade attacks and facilitate
 brute-force decryption by offering a weak ephemeral RSA key in a
 noncompliant role, related to the FREAK issue. NOTE: the scope of
 this CVE is only client code based on OpenSSL, not EXPORT_RSA issues
 associated with servers or other TLS implementa

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:062
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : openssl
 Date    : March 27, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in openssl:
 
 Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL
 through 1.0.1g, when SSL_MODE_RELEASE_BUFFERS is enabled, allows
 remote attackers to inject data across sessions or cause a denial of
 service (use-after-free and parsing error) via an SSL connection in
 a multithreaded environment (CVE-2010-5298).
 
 The Montgomery ladder implementation in OpenSSL through 1.0.0l does
 not ensure that certain swap operations have a constant-time behavio

Updated yaml packages fix security vulnerabilities:

Florian Weimer of the Red Hat Product Security Team discovered a
heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser
and emitter library. A remote attacker could provide a YAML document
with a specially-crafted tag that, when parsed by an application
using libyaml, would cause the application to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application (CVE-2013-6393).

Ivan Fratric of the Google Security Team discovered a heap-based buffer
overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter
library. A remote attacker could provide a specially-crafted YAML
document that, when parsed by an application using libyaml, would cause
the application to crash or, potentially, execute arbitrary code with
the privileges of the user running the application (CVE-2014-2525).

An assertion failure was found in the way the libyaml library parsed
wrapped strings. An attacker able to load specially crafted YAML input
into an application using libyaml could cause the application to crash
(CVE-2014-9130).

Updated qemu packages fix multiple security vulnerabilities:

Sibiao Luo discovered that QEMU incorrectly handled device
hot-unplugging. A local user could possibly use this flaw to cause
a denial of service (CVE-2013-4377).

Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3
devices. A local guest could possibly use this issue to cause a
denial of service, or possibly execute arbitrary code on the host
(CVE-2013-4544).

Multiple integer overflow, input validation, logic error, and buffer
overflow flaws were discovered in various QEMU block drivers. An
attacker able to modify a disk image file loaded by a guest could
use these flaws to crash the guest, or corrupt QEMU process memory
on the host, potentially resulting in arbitrary code execution on
the host with the privileges of the QEMU process (CVE-2014-0143,
CVE-2014-0144, CVE-2014-0145, CVE-2014-0147).

A buffer overflow flaw was found in the way the virtio_net_handle_mac()
function of QEMU processed guest requests to update the table of MAC
addresses. A privileged guest user could use this flaw to corrupt
QEMU process memory on the host, potentially resulting in arbitrary
code execution on the host with the privileges of the QEMU process
(CVE-2014-0150).

A divide-by-zero flaw was found in the seek_to_sector() function of
the parallels block driver in QEMU. An attacker able to modify a disk
image file loaded by a guest could use this flaw to crash the guest
(CVE-2014-0142).

A NULL pointer dereference flaw was found in the QCOW2 block driver
in QEMU. An attacker able to modify a disk image file loaded by a
guest could use this flaw to crash the guest (CVE-2014-0146).

It was found that the block driver for Hyper-V VHDX images did not
correctly calculate BAT (Block Allocation Table) entries due to
a missing bounds check. An attacker able to modify a disk image
file loaded by a guest could use this flaw to crash the guest
(CVE-2014-0148).

An out-of-bounds memory access flaw was found in the way QEMU’s
IDE device driver handled the execution of SMART EXECUTE OFFLINE
commands. A privileged guest user could use this flaw to corrupt
QEMU process memory on the host, which could potentially result in
arbitrary code execution on the host with the privileges of the QEMU
process (CVE-2014-2894).

Two integer overflow flaws were found in the QEMU block driver for
QCOW version 1 disk images. A user able to alter the QEMU disk image
files loaded by a guest could use either of these flaws to corrupt
QEMU process memory on the host, which could potentially result in
arbitrary code execution on the host with the privileges of the QEMU
process (CVE-2014-0222, CVE-2014-0223).

Multiple buffer overflow, input validation, and out-of-bounds write
flaws were found in the way the virtio, virtio-net, virtio-scsi, and
usb drivers of QEMU handled state loading after migration. A user
able to alter the savevm data (either on the disk or over the wire
during migration) could use either of these flaws to corrupt QEMU
process memory on the (destination) host, which could potentially
result in arbitrary code execution on the host with the privileges
of the QEMU process (CVE-2013-4148, CVE-2013-4151, CVE-2013-4535,
CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399,
CVE-2014-0182, CVE-2014-3461).

An information leak flaw was found in the way QEMU’s VGA emulator
accessed frame buffer memory for high resolution displays. A privileged
guest user could use this flaw to leak memory contents of the host to
the guest by setting the display to use a high resolution in the guest
(CVE-2014-3615).

When guest sends udp packet with source port and source addr 0,
uninitialized socket is picked up when looking for matching and already
created udp sockets, and later passed to sosendto() where NULL pointer
dereference is hit during so->slirp->vnetwork_mask.s_addr access Only
guests using qemu user networking are affected (CVE-2014-3640).

The Advanced Threat Research team at Intel Security reported that guest
provided parameter were insufficiently validated in rectangle functions
in the vmware-vga driver. A privileged guest user could use this flaw
to write into qemu address space on the host, potentially escalating
their privileges to those of the qemu host process (CVE-2014-3689).

It was discovered that QEMU incorrectly handled USB xHCI controller
live migration. An attacker could possibly use this issue to cause a
denial of service, or possibly execute arbitrary code (CVE-2014-5263).

James Spadaro of Cisco reported insufficiently sanitized bits_per_pixel
from the client in the QEMU VNC display driver. An attacker having
access to the guest’s VNC console could use this flaw to crash the
guest (CVE-2014-7815).

During migration, the values read from migration stream during ram load
are not validated. Especially offset in host_from_stream_offset() and
also the length of the writes in the callers of the said function. A
user able to alter the savevm data (either on the disk or over the
wire during migration) could use either of these flaws to corrupt QEMU
process memory on the (destination) host, which could potentially
result in arbitrary code execution on the host with the privileges
of the QEMU process (CVE-2014-7840).

Paolo Bonzini of Red Hat discovered that the blit region checks were
insufficient in the Cirrus VGA emulator in qemu. A privileged guest
user could use this flaw to write into qemu address space on the host,
potentially escalating their privileges to those of the qemu host
process (CVE-2014-8106).

This update also provides usbredirparser 0.6 as a prerequisite of
qemu-1.6.2

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:061
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : qemu
 Date    : March 13, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated qemu packages fix multiple security vulnerabilities:
 
 Sibiao Luo discovered that QEMU incorrectly handled device
 hot-unplugging. A local user could possibly use this flaw to cause
 a denial of service (CVE-2013-4377).
 
 Michael S. Tsirkin discovered that QEMU incorrectly handled vmxnet3
 devices. A local guest could possibly use this issue to cause a
 denial of service, or possibly execute arbitrary code on the host
 (CVE-2013-4544).
 
 Multiple integer overflow, input validation, logic error, and buffer
 overflow flaws 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:060
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : yaml
 Date    : March 13, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated yaml packages fix security vulnerabilities:
 
 Florian Weimer of the Red Hat Product Security Team discovered a
 heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser
 and emitter library. A remote attacker could provide a YAML document
 with a specially-crafted tag that, when parsed by an application
 using libyaml, would cause the application to crash or, potentially,
 execute arbitrary code with the privileges of the user running the
 application (CVE-2013-6393).
 
 Ivan Fratric of the Google Security Team di