Updated gcc packages fix the following security issue:
Multiple integer overflow issues were found in libgfortran, the
run-time support library for the Fortran compiler. These could possibly
be used to crash a Fortran application or cause it to execute arbitrary
code (CVE-2014-5044).
They also fix the following bugs:
The gcc rtl-optimization sched2 pass miscompiles a syscall sequence, which
can cause random panics in glibc and the kernel (gcc/PR61801)
clang++ fails to find cxxabi.h and cxxabi_tweaks.h during build
(mga#13543)
Integer overflows in memory allocations in client/X11/xf_graphics.c in
FreeRDP through 1.0.2 allow remote RDP servers to have an unspecified
impact through unspecified vectors (CVE-2014-0250).
Integer overflow in the license_read_scope_list function in
libfreerdp/core/license.c in FreeRDP through 1.0.2 allows remote RDP
servers to cause a denial of service (application crash) or possibly
have unspecified other impact via a large ScopeCount value in a Scope
List in a Server License Request packet (CVE-2014-0791).
Due to a bug in GLPI before 0.84.7, a user without access to cost
information can in fact see the information when selecting cost as
a search criteria (CVE-2014-5032).
An issue in GLPI before 0.84.8 may allow arbitrary local files to be
included by PHP through an autoload function (CVE-2014-8360).
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI
before 0.85.1 allows remote authenticated users to execute arbitrary
SQL commands via the condition parameter (CVE-2014-9258).
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:184
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : setup
Date : March 30, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Updated setup package fixes security vulnerability:
An issue has been identified in Mandriva Business Server 2's setup
package where the /etc/shadow and /etc/gshadow files containing
password hashes were created with incorrect permissions, making them
world-readable (mga#14516).
This update fixes this issue by enforcing that those files are owned
by the root user and shadow group, and are only readable by those
two entities.
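The following audit script is an added example, not part of the advisory or of the Mandriva setup package. It checks the property the fix enforces (owner root, group shadow, no permission bits for other users, group at most read-only) and offers the corresponding remediation. It assumes GNU coreutils stat(1); because stat needs only search permission on /etc, the audit itself can run as an unprivileged user, while the remediation must run as root.

```shell
#!/bin/sh
# Added example: audit /etc/shadow and /etc/gshadow for the ownership and
# mode that the MDVSA-2015:184 fix enforces. Not the setup package's code.
# Assumes GNU coreutils stat(1) (the -c format options).

# check_shadow_file PATH OWNER GROUP
# Returns 0 when PATH is owned by OWNER:GROUP, carries no permission bits
# for "other" and is at most readable (never writable) by the group.
# Otherwise prints one line per finding and returns 1.
check_shadow_file() {
    path=$1
    want_owner=$2
    want_group=$3
    status=0

    if [ ! -e "$path" ]; then
        echo "$path: does not exist"
        return 1
    fi

    owner=$(stat -c '%U' "$path")
    group=$(stat -c '%G' "$path")
    mode=$(stat -c '%a' "$path")   # octal without leading zero, e.g. 640 or 644

    [ "$owner" = "$want_owner" ] || {
        echo "$path: owner is $owner, expected $want_owner"; status=1; }
    [ "$group" = "$want_group" ] || {
        echo "$path: group is $group, expected $want_group"; status=1; }

    # Last octal digit is the "other" class, the one before it the group class.
    other=$(( mode % 10 ))
    grp=$(( (mode / 10) % 10 ))
    [ "$other" -eq 0 ] || {
        echo "$path: mode $mode grants access to other users (world-readable if the r bit is set)"
        status=1; }
    [ "$grp" -eq 0 ] || [ "$grp" -eq 4 ] || {
        echo "$path: mode $mode grants the group more than read access"; status=1; }

    return $status
}

# audit_shadow_files FILE...
# Checks every file against root:shadow; returns 0 only if all of them pass.
audit_shadow_files() {
    rc=0
    for f in "$@"; do
        check_shadow_file "$f" root shadow || rc=1
    done
    return $rc
}

# remediate_shadow_file PATH
# Applies the ownership and mode the advisory describes. Must run as root.
remediate_shadow_file() {
    chown root:shadow "$1" && chmod 0640 "$1"
}

# Typical use on an affected host:
#   audit_shadow_files /etc/shadow /etc/gshadow
#   (as root, for each file reported) remediate_shadow_file /etc/shadow
```

The audit deliberately distinguishes the two failure classes the advisory is about: a wrong owner or group, and mode bits that let users outside root and the shadow group read the hashes. Run it after installing the update as well, to confirm the package's post-install step took effect.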
Note that this issue only affected new Mandriva Business Server
2 installations. System
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:183
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : wireshark
Date : March 30, 2015
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated wireshark package fixes security vulnerabilities:
The WCP dissector could crash (CVE-2015-2188).
The pcapng file parser could crash (CVE-2015-2189).
The TNEF dissector could go into an infinite loop (CVE-2015-2191).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2188
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2189
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2191
http://advisories.mageia.org/M
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:182
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : tcpdump
Date : March 30, 2015
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated tcpdump package fixes security vulnerabilities:
Several vulnerabilities have been discovered in tcpdump. These
vulnerabilities might result in denial of service (application
crash) or, potentially, execution of arbitrary code (CVE-2015-0261,
CVE-2015-2153, CVE-2015-2154, CVE-2015-2155).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2153
http://cve.mitre.org/c
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:145-1
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : libxfont
Date : March 30, 2015
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated libxfont packages fix security vulnerabilities:
Ilja van Sprundel discovered that libXfont incorrectly handled font
metadata file parsing. A local attacker could use this issue to cause
libXfont to crash, or possibly execute arbitrary code in order to
gain privileges (CVE-2014-0209).
Ilja van Sprundel discovered that libXfont incorrectly handled X Font
Server replies. A malicious font server could return specially-crafted
data that could cause libXfont to crash, or possibly execute arbitrary
code (CVE-2014-02
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:147-1
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : libtiff
Date : March 30, 2015
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated libtiff packages fix security vulnerabilities:
The libtiff image decoder library contains several issues that
could cause the decoder to crash when reading crafted TIFF images
(CVE-2014-8127, CVE-2014-8128, CVE-2014-8129, CVE-2014-8130,
CVE-2014-9655, CVE-2015-1547).
Update:
Packages for Mandriva Business Server 1 are now being provided.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8127
http://cve.mitre.org/cgi-bi
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:181
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : drupal
Date : March 30, 2015
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated drupal packages fix security vulnerabilities:
An information disclosure vulnerability was discovered in Drupal
before 7.27. When pages are cached for anonymous users, form state
may leak between anonymous users. Sensitive or private information
recorded for one anonymous user could thus be disclosed to other
users interacting with the same form at the same time (CVE-2014-2983).
Multiple security issues in Drupal before 7.29, including a denial
of service issue, an access bypass issue in the File module, and
mul
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:180
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : apache-mod_wsgi
Date : March 30, 2015
Affected: Business Server 2.0
_______________________________________________________________________
Problem Description:
Updated apache-mod_wsgi package fixes security vulnerabilities:
apache-mod_wsgi before 4.2.4 contained an off-by-one error in
applying a limit to the number of supplementary groups allowed for
a daemon process group. The result could be that if more groups
than the operating system allowed were specified to the option
supplementary-groups, then memory corruption or a process crash
could occur.
It was discovered that mod_wsgi incorrectly handled errors when
setting up the working directory and group access righ