Multiple vulnerabilities has been found and corrected in sqlite3:

SQLite before 3.8.9 does not properly implement the dequoting of
collation-sequence names, which allows context-dependent attackers to
cause a denial of service (uninitialized memory access and application
crash) or possibly have unspecified other impact via a crafted COLLATE
clause, as demonstrated by COLLATE at the end of a SELECT statement
(CVE-2015-3414).

The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9
does not properly implement comparison operators, which allows
context-dependent attackers to cause a denial of service (invalid
free operation) or possibly have unspecified other impact via a
crafted CHECK clause, as demonstrated by CHECK(0&O>O) in a CREATE
TABLE statement (CVE-2015-3415).

The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does
not properly handle precision and width values during floating-point
conversions, which allows context-dependent attackers to cause a
denial of service (integer overflow and stack-based buffer overflow)
or possibly have unspecified other impact via large integers in a
crafted printf function call in a SELECT statement (CVE-2015-3416).

The updated packages provides a solution for these security issues.

Multiple vulnerabilities has been found and corrected in glibc:

It was discovered that, under certain circumstances, glibc’s
getaddrinfo() function would send DNS queries to random file
descriptors. An attacker could potentially use this flaw to send DNS
queries to unintended recipients, resulting in information disclosure
or data loss due to the application encountering corrupted data
(CVE-2013-7423).

A buffer overflow flaw was found in the way glibc’s gethostbyname_r()
and other related functions computed the size of a buffer when passed
a misaligned buffer as input. An attacker able to make an application
call any of these functions with a misaligned buffer could use this
flaw to crash the application or, potentially, execute arbitrary
code with the permissions of the user running the application
(CVE-2015-1781).

The updated packages provides a solution for these security issues.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:218
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : glibc
 Date    : April 30, 2015
 Affected: Business Server 1.0, Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in glibc:
 
 It was discovered that, under certain circumstances, glibc's
 getaddrinfo() function would send DNS queries to random file
 descriptors. An attacker could potentially use this flaw to send DNS
 queries to unintended recipients, resulting in information disclosure
 or data loss due to the application encountering corrupted data
 (CVE-2013-7423).
 
 A buffer overflow flaw was found in the way glibc's gethostbyname_r()
 and other rela

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:217
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : sqlite3
 Date    : April 30, 2015
 Affected: Business Server 1.0, Business Server 2.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been found and corrected in sqlite3:
 
 SQLite before 3.8.9 does not properly implement the dequoting of
 collation-sequence names, which allows context-dependent attackers to
 cause a denial of service (uninitialized memory access and application
 crash) or possibly have unspecified other impact via a crafted COLLATE
 clause, as demonstrated by COLLATE at the end of a SELECT statement
 (CVE-2015-3414).
 
 The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9
 does not pro

Updated t1utils package fixes security vulnerabilities:

The t1utils package has been updated to version 1.39, which fixes a
buffer overrun, infinite loop, and stack overflow in t1disasm.

Updated ntop package fixes security vulnerability:

Lack of filtering in the title parameter of links to rrdPlugin allowed
cross-site-scripting (XSS) attacks against users of the web interface
(CVE-2014-4165).

Updated ntop package fixes security vulnerability:

Lack of filtering in the title parameter of links to rrdPlugin allowed
cross-site-scripting (XSS) attacks against users of the web interface
(CVE-2014-4165).

Updated lftp packages fix security vulnerability:

lftp incorrectly validates wildcard SSL certificates containing literal
IP addresses, so under certain conditions, it would allow and use a
wildcard match specified in the CN field, allowing a malicious server
to participate in a MITM attack or just fool users into believing
that it is a legitimate site (CVE-2014-0139).

lftp was affected by this issue as it uses code from cURL for checking
SSL certificates. The curl package was fixed in MDVSA-2015:098.

Updated libksba packages fix security vulnerabilities:

The libksba package has been updated to version 1.3.3, which fixes
an integer overflow in the DN decoder and a couple of other minor bugs.

Updated libksba packages fix security vulnerabilities:

The libksba package has been updated to version 1.3.3, which fixes
an integer overflow in the DN decoder and a couple of other minor bugs.