-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:168
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : glibc
Date : March 30, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Updated glibc packages fix security vulnerabilities:
Stephane Chazelas discovered a directory traversal issue in locale
handling in glibc. glibc accepts relative paths with .. components
in the LC_* and LANG variables. Together with typical OpenSSH
configurations (with suitable AcceptEnv settings in sshd_config),
this could conceivably be used to bypass ForceCommand restrictions
(or restricted shells), assuming the attacker has sufficient level
of access to a file system location on the host to create crafted
locale