Category Archives: Mandriva

Mandriva Security Advisory

MDVSA-2014:201: kernel

Multiple vulnerabilities have been found and corrected in the Linux
kernel:

The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel
before 3.14.3 does not properly consider which pages must be locked,
which allows local users to cause a denial of service (system crash) by
triggering a memory-usage pattern that requires removal of page-table
mappings (CVE-2014-3122).

Multiple stack-based buffer overflows in the magicmouse_raw_event
function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver
in the Linux kernel through 3.16.3 allow physically proximate attackers
to cause a denial of service (system crash) or possibly execute
arbitrary code via a crafted device that provides a large amount of
(1) EHCI or (2) XHCI data associated with an event (CVE-2014-3181).

Array index error in the logi_dj_raw_event function in
drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows
physically proximate attackers to execute arbitrary code or cause a
denial of service (invalid kfree) via a crafted device that provides
a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value (CVE-2014-3182).

The report_fixup functions in the HID subsystem in the Linux
kernel before 3.16.2 might allow physically proximate attackers
to cause a denial of service (out-of-bounds write) via a crafted
device that provides a small report descriptor, related to
(1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c,
(3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)
drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c
(CVE-2014-3184).

Multiple buffer overflows in the command_port_read_callback function in
drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in
the Linux kernel before 3.16.2 allow physically proximate attackers
to execute arbitrary code or cause a denial of service (memory
corruption and system crash) via a crafted device that provides a large
amount of (1) EHCI or (2) XHCI data associated with a bulk response
(CVE-2014-3185).

Buffer overflow in the picolcd_raw_event function in
devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the
Linux kernel through 3.16.3, as used in Android on Nexus 7 devices,
allows physically proximate attackers to cause a denial of service
(system crash) or possibly execute arbitrary code via a crafted device
that sends a large report (CVE-2014-3186).

arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390
platform does not properly restrict address-space control operations
in PTRACE_POKEUSR_AREA requests, which allows local users to obtain
read and write access to kernel memory locations, and consequently gain
privileges, via a crafted application that makes a ptrace system call
(CVE-2014-3534).

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux
kernel through 3.16.1 miscalculates the number of pages during the
handling of a mapping failure, which allows guest OS users to (1)
cause a denial of service (host OS memory corruption) or possibly
have unspecified other impact by triggering a large gfn value or (2)
cause a denial of service (host OS memory consumption) by triggering a
small gfn value that leads to permanently pinned pages (CVE-2014-3601).

The sctp_assoc_update function in net/sctp/associola.c in the
Linux kernel through 3.15.8, when SCTP authentication is enabled,
allows remote attackers to cause a denial of service (NULL pointer
dereference and OOPS) by starting to establish an association between
two endpoints immediately after an exchange of INIT and INIT ACK
chunks to establish an earlier association between these endpoints
in the opposite direction (CVE-2014-5077).

The do_remount function in fs/namespace.c in the Linux kernel through
3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of
a bind mount, which allows local users to bypass an intended read-only
restriction and defeat certain sandbox protection mechanisms via a
mount -o remount command within a user namespace (CVE-2014-5206).

Stack consumption vulnerability in the parse_rock_ridge_inode_internal
function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows
local users to cause a denial of service (uncontrolled recursion, and
system crash or reboot) via a crafted iso9660 image with a CL entry
referring to a directory entry that has a CL entry (CVE-2014-5471).

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in
the Linux kernel through 3.16.1 allows local users to cause a denial
of service (unkillable mount process) via a crafted iso9660 image
with a self-referential CL entry (CVE-2014-5472).

The __udf_read_inode function in fs/udf/inode.c in the Linux kernel
through 3.16.3 does not restrict the amount of ICB indirection, which
allows physically proximate attackers to cause a denial of service
(infinite loop or stack consumption) via a UDF filesystem with a
crafted inode (CVE-2014-6410).

The do_umount function in fs/namespace.c in the Linux kernel through
3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb
calls that change the root filesystem to read-only, which allows
local users to cause a denial of service (loss of writability) by
making certain unshare system calls, clearing the / MNT_LOCKED flag,
and making an MNT_FORCE umount system call (CVE-2014-7975).

The updated packages provide a solution for these security issues.

[ MDVSA-2014:201 ] kernel

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:201
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : kernel
 Date    : October 21, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________


[ MDVSA-2014:200 ] bugzilla

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:200
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : bugzilla
 Date    : October 21, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated bugzilla packages fix security vulnerabilities:
 
 If a new comment was marked private to the insider group, and a flag
 was set in the same transaction, the comment would be visible to flag
 recipients even if they were not in the insider group (CVE-2014-1571).
 
 An attacker creating a new Bugzilla account can override certain
 parameters when finalizing the account creation that can lead to the
 user being created with a different email address than originally
 requested. The overridden login name could be automatic

[ MDVSA-2014:199 ] perl

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:199
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : perl
 Date    : October 21, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated perl and perl-Data-Dumper packages fix a security
 vulnerability:
 
 The Dumper method in Data::Dumper before 2.154, allows
 context-dependent attackers to cause a denial of service (stack
 consumption and crash) via an Array-Reference with many nested
 Array-References, which triggers a large number of recursive calls
 to the DD_dump function (CVE-2014-4330).
 
 The Data::Dumper module bundled with perl and the perl-Data-Dumper
 packages has been updated to fix this issue.
 ________________________________________________

[ MDVSA-2014:198 ] mediawiki

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:198
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : mediawiki
 Date    : October 21, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated mediawiki packages fix security vulnerabilities:
 
 MediaWiki before 1.23.4 is vulnerable to cross-site scripting due to
 JavaScript injection via CSS in uploaded SVG files (CVE-2014-7199).
 
 MediaWiki before 1.23.5 is vulnerable to cross-site scripting due to
 JavaScript injection via user-specified CSS in certain special pages
 (CVE-2014-7295).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7199
 http://cve.mitre.org/cgi

[ MDVSA-2014:197 ] python

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:197
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : python
 Date    : October 21, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated python packages fix a security vulnerability:
 
 Python before 2.7.8 is vulnerable to an integer overflow in the buffer
 type (CVE-2014-7185).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7185
 http://advisories.mageia.org/MGASA-2014-0399.html
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 dcefcf76c1a242a7f6f1b6db782df456  mbs1/x86_64/lib64pyt

[ MDVSA-2014:196 ] rsyslog

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:196
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : rsyslog
 Date    : October 21, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated rsyslog packages fix a security vulnerability:
 
 Rainer Gerhards, the rsyslog project leader, reported a vulnerability
 in Rsyslog. As a consequence of this vulnerability, an attacker can send
 malformed messages to a server that accepts data from untrusted
 sources and trigger a denial of service (CVE-2014-3634).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3634
 http://cve.mitre.org/cgi-bin/cvename.cgi?name

MDVSA-2014:193: xerces-j2

A resource consumption issue was found in the way Xerces-J handled
XML declarations. A remote attacker could use an XML document with
a specially crafted declaration using a long pseudo-attribute name
that, when parsed by an application using Xerces-J, would cause that
application to use an excessive amount of CPU (CVE-2013-4002).

MDVSA-2014:183: phpmyadmin

Updated phpmyadmin package fixes a security vulnerability:

In phpMyAdmin before 4.2.9, by deceiving a logged-in user into clicking
a crafted URL, it is possible to perform remote code execution and, in
some cases, create a root account, due to a DOM-based XSS vulnerability
in the micro history feature (CVE-2014-6300).