Updated curl packages fix security vulnerabilities:

NTLM-authenticated connections could be wrongly reused for requests
without any credentials set, leading to HTTP requests being sent over
the connection authenticated as a different user (CVE-2015-3143).

When parsing HTTP cookies, if the parsed cookie’s path element consists
of a single double-quote, libcurl would try to write to an invalid
heap memory address. This could allow remote attackers to cause a
denial of service (crash) (CVE-2015-3145).

When doing HTTP requests using the Negotiate authentication
method along with NTLM, the connection used would not be marked
as authenticated, making it possible to reuse it and send requests
for one user over the connection authenticated as a different user
(CVE-2015-3148).

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Advisory                                   MDVA-2015:010
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : timezone
 Date    : May 4, 2015
 Affected: Business Server 1.0, Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 This is a maintenance and bugfix release that upgrades the timezone
 data packages and the php-timezonedb packages to the 2015d version.
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 1d493b57714e045b6ba324982191397e  mbs1/x86_64/timezone-2015d-1.mbs1.x86_64.rpm
 f2073a5c328b90acbabc57bae0e1481b  mbs1/x86_64/timezone-java-2015d-1.mbs1.x86_64.rpm 
 e41aafa67d05f096cd21c7bfec1cb086  mbs1/SRPMS/timezone-2015d-1.mbs1.src.rpm

 Mandr

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:226
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : fcgi
 Date    : May 4, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated fcgi packages fix security vulnerability:
 
 FCGI does not perform range checks for file descriptors before use of
 the FD_SET macro.  This FD_SET macro could allow for more than 1024
 total file descriptors to be monitored in the closing state. This
 may allow remote attackers to cause a denial of service (stack memory
 corruption, and infinite loop or daemon crash) by opening many socket
 connections to the host and crashing the service (CVE-2012-6687).
 _______________________________________________________________________

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:225
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : cherokee
 Date    : May 4, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated cherokee packages fix security vulnerability:
 
 The cherokee_validator_ldap_check function in validator_ldap.c in
 Cherokee  1.2.103 and earlier, when LDAP is used, does not properly
 consider unauthenticated-bind semantics, which allows remote attackers
 to bypass authentication via an empty password (CVE-2014-4668).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4668
 http://advisories.mageia.org/MGASA-2015-0181.html
 _______

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:224
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : ruby
 Date    : May 4, 2015
 Affected: Business Server 1.0, Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated ruby packages fix security vulnerability:
 
 Ruby OpenSSL hostname matching implementation violates RFC 6125
 (CVE-2015-1855).
 
 The ruby packages for MBS2 has been updated to version 2.0.0-p645,
 which fixes this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1855
 http://advisories.mageia.org/MGASA-2015-0178.html
 _______________________________________________________________________

 Updated Package

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:223
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : directfb
 Date    : May 4, 2015
 Affected: Business Server 1.0, Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated directfb packages fix security vulnerabilities:
 
 Multiple integer signedness errors in the Dispatch_Write function
 in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allow
 remote attackers to cause a denial of service (crash) and possibly
 execute arbitrary code via the Voodoo interface, which triggers a
 stack-based buffer overflow (CVE-2014-2977).
 
 The Dispatch_Write function in
 proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allows
 remote attackers to cause a denial of s

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:222
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : ppp
 Date    : May 4, 2015
 Affected: Business Server 1.0, Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated ppp packages fix security vulnerability:
 
 Emanuele Rocca discovered that ppp was subject to a buffer
 overflow when communicating with a RADIUS server. This would allow
 unauthenticated users to cause a denial-of-service by crashing the
 daemon (CVE-2015-3310).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3310
 http://advisories.mageia.org/MGASA-2015-0173.html
 ________________________________________________

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:221
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : clamav
 Date    : May 4, 2015
 Affected: Business Server 1.0, Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in clamav:
 
 Fix infinite loop condition on crafted y0da cryptor file. Identified
 and patch suggested by Sebastian Andrzej Siewior (CVE-2015-2221).
 
 Fix crash on crafted petite packed file. Reported and patch supplied
 by Sebastian Andrzej Siewior (CVE-2015-2222).
 
 Fix an infinite loop condition on a crafted xz archive file. This
 was reported by Dimitri Kirchner and Goulven Guiheux (CVE-2015-2668).
 
 Apply upstream patch for possible heap overflow in H

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:220
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : curl
 Date    : May 4, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated curl packages fix security vulnerabilities:
 
 NTLM-authenticated connections could be wrongly reused for requests
 without any credentials set, leading to HTTP requests being sent over
 the connection authenticated as a different user (CVE-2015-3143).
 
 When doing HTTP requests using the Negotiate authentication
 method along with NTLM, the connection used would not be marked
 as authenticated, making it possible to reuse it and send requests
 for one user over the connection authenticated as a different user
 (CVE-2015-3148)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:219
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : curl
 Date    : May 4, 2015
 Affected: Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Updated curl packages fix security vulnerabilities:
 
 NTLM-authenticated connections could be wrongly reused for requests
 without any credentials set, leading to HTTP requests being sent over
 the connection authenticated as a different user (CVE-2015-3143).
 
 When parsing HTTP cookies, if the parsed cookie's path element consists
 of a single double-quote, libcurl would try to write to an invalid
 heap memory address. This could allow remote attackers to cause a
 denial of service (crash) (CVE-2015-3145).
 
 When doing HTTP re