Category Archives: Mandriva

Mandriva Security Advisory

[ MDVSA-2015:029 ] binutils

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:029
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : binutils
 Date    : February 5, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been found and corrected in binutils:
 
 Multiple integer overflows in the (1) _objalloc_alloc function in
 objalloc.c and (2) objalloc_alloc macro in include/objalloc.h in GNU
 libiberty, as used by binutils 2.22, allow remote attackers to cause
 a denial of service (crash) via vectors related to the addition of
 CHUNK_HEADER_SIZE to the length, which triggers a heap-based buffer
 overflow (CVE-2012-3509).
 
 The srec_scan function in bfd/srec.c in libdbfd in GNU binutils
 before 2.25 allows remot

[ MDVSA-2015:028 ] aircrack-ng

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:028
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : aircrack-ng
 Date    : February 5, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated aircrack-ng package fixes security vulnerabilities:
 
 A length parameter inconsistency in Aircrack-ng before 1.2-rc1
 at aireplay tcp_test() which may lead to remote code execution
 (CVE-2014-8322).
 
 A missing check for data format in Aircrack-ng before 1.2-rc1 at
 buddy-ng which may lead to denial of service (CVE-2014-8323).
 
 A missing check for invalid values in Aircrack-ng before 1.2-rc1
 at airserv-ng net_get() which may lead to denial of service
 (CVE-2014-8324).
 __________________________________________

MDVSA-2015:027: kernel

Multiple vulnerabilities have been found and corrected in the Linux
kernel:

The SCTP implementation in the Linux kernel before 3.17.4 allows
remote attackers to cause a denial of service (memory consumption) by
triggering a large number of chunks in an association’s output queue,
as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and
net/sctp/sm_statefuns.c (CVE-2014-3688).

Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux
kernel before 3.16.3, allows remote attackers to cause a denial of
service (memory corruption and panic) or possibly have unspecified
other impact via a long unencrypted auth ticket (CVE-2014-6416).

net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3,
does not properly consider the possibility of kmalloc failure, which
allows remote attackers to cause a denial of service (system crash)
or possibly have unspecified other impact via a long unencrypted auth
ticket (CVE-2014-6417).

net/ceph/auth_x.c in Ceph, as used in the Linux kernel before
3.16.3, does not properly validate auth replies, which allows remote
attackers to cause a denial of service (system crash) or possibly
have unspecified other impact via crafted data from the IP address
of a Ceph Monitor (CVE-2014-6418).

The sctp_process_param function in net/sctp/sm_make_chunk.c in the
SCTP implementation in the Linux kernel before 3.17.4, when ASCONF
is used, allows remote attackers to cause a denial of service (NULL
pointer dereference and system crash) via a malformed INIT chunk
(CVE-2014-7841).

Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4
allows guest OS users to cause a denial of service (guest OS crash)
via a crafted application that performs an MMIO transaction or a
PIO transaction to trigger a guest userspace emulation error report,
a similar issue to CVE-2010-5313 (CVE-2014-7842).

arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation
in the Linux kernel through 3.18.1 allows local users to bypass the
espfix protection mechanism, and consequently makes it easier for
local users to bypass the ASLR protection mechanism, via a crafted
application that makes a set_thread_area system call and later reads
a 16-bit value (CVE-2014-8133).

Stack-based buffer overflow in the
ttusbdecfe_dvbs_diseqc_send_master_cmd function in
drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before
3.17.4 allows local users to cause a denial of service (system crash)
or possibly gain privileges via a large message length in an ioctl call
(CVE-2014-8884).

The do_double_fault function in arch/x86/kernel/traps.c in the Linux
kernel through 3.17.4 does not properly handle faults associated with
the Stack Segment (SS) segment register, which allows local users
to cause a denial of service (panic) via a modify_ldt system call,
as demonstrated by sigreturn_32 in the linux-clock-tests test suite
(CVE-2014-9090).

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does
not properly handle faults associated with the Stack Segment (SS)
segment register, which allows local users to gain privileges by
triggering an IRET instruction that leads to access to a GS Base
address from the wrong space (CVE-2014-9322).

The __switch_to function in arch/x86/kernel/process_64.c in the Linux
kernel through 3.18.1 does not ensure that Thread Local Storage (TLS)
descriptors are loaded before proceeding with other steps, which makes
it easier for local users to bypass the ASLR protection mechanism via
a crafted application that reads a TLS base address (CVE-2014-9419).

The rock_continue function in fs/isofs/rock.c in the Linux kernel
through 3.18.1 does not restrict the number of Rock Ridge continuation
entries, which allows local users to cause a denial of service
(infinite loop, and system crash or hang) via a crafted iso9660 image
(CVE-2014-9420).

Race condition in the key_gc_unused_keys function in security/keys/gc.c
in the Linux kernel through 3.18.2 allows local users to cause a denial
of service (memory corruption or panic) or possibly have unspecified
other impact via keyctl commands that trigger access to a key structure
member during garbage collection of a key (CVE-2014-9529).

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in
the Linux kernel before 3.18.2 does not validate a length value in
the Extensions Reference (ER) System Use Field, which allows local
users to obtain sensitive information from kernel memory via a crafted
iso9660 image (CVE-2014-9584).

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel
through 3.18.2 does not properly choose memory locations for the
vDSO area, which makes it easier for local users to bypass the ASLR
protection mechanism by guessing a location at the end of a PMD
(CVE-2014-9585).

The updated packages provide a solution for these security issues.

[ MDVSA-2015:027 ] kernel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:027
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : kernel
 Date    : January 16, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities have been found and corrected in the Linux
 kernel:
 
 The SCTP implementation in the Linux kernel before 3.17.4 allows
 remote attackers to cause a denial of service (memory consumption) by
 triggering a large number of chunks in an association's output queue,
 as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and
 net/sctp/sm_statefuns.c (CVE-2014-3688).
 
 Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux
 kernel before 3.16.3, allows remote attackers to cause a deni

MDVSA-2015:024: libsndfile

Updated libsndfile packages fix security vulnerabilities:

libsndfile contains multiple buffer-overflow vulnerabilities in
src/sd2.c because it fails to properly bounds-check user supplied
input, which may allow an attacker to execute arbitrary code or cause
a denial of service (CVE-2014-9496).

libsndfile contains a divide-by-zero error in src/file_io.c which
may allow an attacker to cause a denial of service.

MDVSA-2015:023: libvirt

Updated libvirt packages fix security vulnerability:

The qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions
in qemu/qemu_driver.c in libvirt do not unlock the domain when an
ACL check fails, which allows local users to cause a denial of service
via unspecified vectors (CVE-2014-8136).

[ MDVSA-2015:026 ] unrtf

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:026
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : unrtf
 Date    : January 15, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 
 _______________________________________________________________________

 References:

 http://advisories.mageia.org/MGASA-2015-0016.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 5cd7586e3c11dd06c10a5372d6f41720  mbs1/x86_64/unrtf-0.21.9-1.mbs1.x86_64.rpm 
 8e8c788e010dd3e2aa9e60e18b03fcdb  mbs1/SRPMS/unrtf-0.21.9-1.mbs1.src.rpm
 _______________________________________________________________________

 To upgrade automatically use Mandriva

[ MDVSA-2015:025 ] mpfr

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:025
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : mpfr
 Date    : January 15, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated mpfr packages fix security vulnerability:
 
 A buffer overflow was reported in mpfr. This is due to incorrect
 GMP documentation for mpn_set_str about the size of a buffer
 (CVE-2014-9474).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9474
 http://advisories.mageia.org/MGASA-2015-0021.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 1bacc42