Category Archives: Mandriva

Mandriva Security Advisory

[ MDVSA-2015:024 ] libsndfile

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:024
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libsndfile
 Date    : January 15, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated libsndfile packages fix security vulnerabilities:
 
 libsndfile contains multiple buffer-overflow vulnerabilities in
 src/sd2.c because it fails to properly bounds-check user-supplied
 input, which may allow an attacker to execute arbitrary code or cause
 a denial of service (CVE-2014-9496).
 
 libsndfile contains a divide-by-zero error in src/file_io.c which
 may allow an attacker to cause a denial of service.
 _______________________________________________________________________

 References:

 http://cve.mitre.o

[ MDVSA-2015:023 ] libvirt

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:023
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libvirt
 Date    : January 15, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated libvirt packages fix security vulnerability:
 
 The qemuDomainMigratePerform and qemuDomainMigrateFinish2 functions
 in qemu/qemu_driver.c in libvirt do not unlock the domain when an
 ACL check fails, which allows local users to cause a denial of service
 via unspecified vectors (CVE-2014-8136).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8136
 http://advisories.mageia.org/MGASA-2015-0002.html
 ____________________________

MDVSA-2015:021: curl

Updated curl packages fix security vulnerability:

When libcurl sends a request to a server via an HTTP proxy, it copies
the entire URL into the request and sends it off. If the given URL
contains line feeds and carriage returns, those will be sent along to
the proxy too, which allows the program to, for example, send a separate
HTTP request embedded in the URL (CVE-2014-8150).

MDVSA-2015:022: wireshark

Updated wireshark packages fix security vulnerabilities:

The DEC DNA Routing Protocol dissector could crash (CVE-2015-0562).

The SMTP dissector could crash (CVE-2015-0563).

Wireshark could crash while decrypting TLS/SSL sessions (CVE-2015-0564).

MDVSA-2015:020: libssh

Updated libssh packages fix security vulnerability:

Double free vulnerability in the ssh_packet_kexinit function in kex.c
in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to
cause a denial of service via a crafted kexinit packet (CVE-2014-8132).

[ MDVA-2015:002 ] mariadb

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Advisory                                   MDVA-2015:002
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : mariadb
 Date    : January 12, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 This is a maintenance and bugfix release that upgrades MariaDB to
 the latest 5.5.41 version which resolves various upstream bugs.
 _______________________________________________________________________

 References:

 https://mariadb.com/kb/en/mariadb-5541-changelog/
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 cb4243c231be6a9e3e75ec7203acfe74  mbs1/x86_64/lib64mariadb18-5.5.41-1.mbs1.x86_64.rpm
 6f80a336dc7b0a4f60a64e6d977eaca0  mbs1/x86_64

[ MDVSA-2015:022 ] wireshark

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:022
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : wireshark
 Date    : January 12, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated wireshark packages fix security vulnerabilities:
 
 The DEC DNA Routing Protocol dissector could crash (CVE-2015-0562).
 
 The SMTP dissector could crash (CVE-2015-0563).
 
 Wireshark could crash while decrypting TLS/SSL sessions (CVE-2015-0564).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0562
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0563
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0564
 http:

[ MDVSA-2015:021 ] curl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:021
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : curl
 Date    : January 12, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated curl packages fix security vulnerability:
 
 When libcurl sends a request to a server via an HTTP proxy, it copies
 the entire URL into the request and sends it off. If the given URL
 contains line feeds and carriage returns, those will be sent along to
 the proxy too, which allows the program to, for example, send a separate
 HTTP request embedded in the URL (CVE-2014-8150).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-

[ MDVSA-2015:020 ] libssh

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:020
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libssh
 Date    : January 12, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated libssh packages fix security vulnerability:
 
 Double free vulnerability in the ssh_packet_kexinit function in kex.c
 in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to
 cause a denial of service via a crafted kexinit packet (CVE-2014-8132).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8132
 http://advisories.mageia.org/MGASA-2015-0014.html
 ____________________________________________________________________