-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:211
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : wpa_supplicant
 Date    : October 29, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated wpa_supplicant packages fix security vulnerability:
 
 A vulnerability was found in the mechanism wpa_cli and hostapd_cli use
 for executing action scripts. An unsanitized string received from a
 remote device can be passed to a system() call resulting in arbitrary
 command execution under the privileges of the wpa_cli/hostapd_cli
 process (which may be root in common use cases) (CVE-2014-3686).
 
 Using the wpa_supplicant package, systems are exposed to the
 vulnerability if operating as a WPS registrar.
 ______