Updated cups packages fix security vulnerability:
A malformed file with an invalid page header and compressed raster data
can trigger a buffer overflow in cupsRasterReadPixels (CVE-2014-9679).
Mandriva Security Advisory
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:049
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : cups
Date    : March 2, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated cups packages fix security vulnerability:

A malformed file with an invalid page header and compressed raster data
can trigger a buffer overflow in cupsRasterReadPixels (CVE-2014-9679).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9679
http://advisories.mageia.org/MGASA-2015-0067.html
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
065d8c8fe11
Updated elfutils packages fix security vulnerability:
Directory traversal vulnerability in the read_long_names function in
libelf/elf_begin.c in elfutils allows remote attackers to write to
arbitrary files to the root directory via a / (slash) in a crafted
archive, as demonstrated using the ar program (CVE-2014-9447).
Multiple vulnerabilities have been discovered and corrected in
postgresql:
Stephen Frost discovered that PostgreSQL incorrectly displayed
certain values in error messages. An authenticated user could see
certain values, contrary to expected permissions
(CVE-2014-8161).
Andres Freund, Peter Geoghegan and Noah Misch discovered that
PostgreSQL incorrectly handled buffers in to_char functions. An
authenticated attacker could possibly use this issue to cause
PostgreSQL to crash, resulting in a denial of service, or possibly
execute arbitrary code (CVE-2015-0241).
It was discovered that PostgreSQL incorrectly handled memory in the
pgcrypto extension. An authenticated attacker could possibly use this
issue to cause PostgreSQL to crash, resulting in a denial of service,
or possibly execute arbitrary code (CVE-2015-0243).
Emil Lenngren discovered that PostgreSQL incorrectly handled extended
protocol message reading. An authenticated attacker could possibly
use this issue to cause PostgreSQL to crash, resulting in a denial
of service, or possibly inject query messages (CVE-2015-0244).
This advisory provides the latest version of PostgreSQL that is not
vulnerable to these issues.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:048
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : postgresql
Date    : February 12, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been discovered and corrected in
postgresql:

Stephen Frost discovered that PostgreSQL incorrectly displayed
certain values in error messages. An authenticated user could gain
access to seeing certain values, contrary to expected permissions
(CVE-2014-8161).

Andres Freund, Peter Geoghegan and Noah Misch discovered that
PostgreSQL incorrectly handled buffers in to_char functions. An
authenticated attacker could possibly use this issue to cause
PostgreSQL to crash, resulting in a denia
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:047
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : elfutils
Date    : February 12, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated elfutils packages fix security vulnerability:

Directory traversal vulnerability in the read_long_names function in
libelf/elf_begin.c in elfutils allows remote attackers to write to
arbitrary files to the root directory via a / (slash) in a crafted
archive, as demonstrated using the ar program (CVE-2014-9447).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447
http://advisories.mageia.org/MGASA-2015-0033.html
____
A vulnerability has been discovered and corrected in perl-Gtk2:
Incorrect memory management in Gtk2::Gdk::Display::list_devices in
perl-Gtk2 before 1.2495, where the code was freeing memory that gtk+
still holds onto and might access later.
The updated packages have been patched to correct this issue.
Updated e2fsprogs packages fix security vulnerability:
The libext2fs library, part of e2fsprogs and utilized by its utilities,
is affected by a boundary check error on block group descriptor
information, leading to a heap based buffer overflow. A specially
crafted filesystem image can be used to trigger the vulnerability
(CVE-2015-0247).
Updated ntp packages fix security vulnerabilities:
Stephen Roettger of the Google Security Team, Sebastian Krahmer of
the SUSE Security Team and Harlan Stenn of Network Time Foundation
discovered that the length value in extension fields is not properly
validated in several code paths in ntp_crypto.c, which could lead to
information leakage or denial of service (CVE-2014-9297).
Stephen Roettger of the Google Security Team reported that ACLs based
on IPv6 ::1 (localhost) addresses can be bypassed (CVE-2014-9298).
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2015:046
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : ntp
Date    : February 12, 2015
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Updated ntp packages fix security vulnerabilities:

Stephen Roettger of the Google Security Team, Sebastian Krahmer of
the SUSE Security Team and Harlan Stenn of Network Time Foundation
discovered that the length value in extension fields is not properly
validated in several code paths in ntp_crypto.c, which could lead to
information leakage or denial of service (CVE-2014-9297).

Stephen Roettger of the Google Security Team reported that ACLs based
on IPv6 ::1 (localhost) addresses can be bypassed (CVE-2014-9298).
______