Updated gnupg packages fix security vulnerability:

The gnupg program before version 1.4.16 is vulnerable to an ELGAMAL
side-channel attack (CVE-2014-5270).

Updated curl packages fix security vulnerabilities:

In cURL before 7.38.0, libcurl can be fooled to both sending cookies
to wrong sites and into allowing arbitrary sites to set cookies for
others. For this problem to trigger, the client application must use
the numerical IP address in the URL to access the site (CVE-2014-3613).

In cURL before 7.38.0, libcurl wrongly allows cookies to be set for Top
Level Domains (TLDs), thus making them apply broader than cookies are
allowed. This can allow arbitrary sites to set cookies that then would
get sent to a different and unrelated site or domain (CVE-2014-3620).

Updated wireshark packages fix security vulnerabilities:

RTP dissector crash (CVE-2014-6421, CVE-2014-6422).

MEGACO dissector infinite loop (CVE-2014-6423).

Netflow dissector crash (CVE-2014-6424).

RTSP dissector crash (CVE-2014-6427).

SES dissector crash (CVE-2014-6428).

Sniffer file parser crash (CVE-2014-6429, CVE-2014-6430, CVE-2014-6431,
CVE-2014-6432).

A vulnerability has been discovered and corrected in Mozilla NSS:

Antoine Delignat-Lavaud, security researcher at Inria Paris in
team Prosecco, reported an issue in Network Security Services (NSS)
libraries affecting all versions. He discovered that NSS is vulnerable
to a variant of a signature forgery attack previously published
by Daniel Bleichenbacher. This is due to lenient parsing of ASN.1
values involved in a signature and could lead to the forging of RSA
certificates (CVE-2014-1568).

The updated NSPR packages have been upgraded to the latest 4.10.7
version.

The updated NSS packages have been upgraded to the latest 3.17.1
version which is not vulnerable to this issue.

Additionally the rootcerts package has also been updated to the latest
version as of 2014-08-05.

This is a maintenance and bugfix release that upgrades php to the
latest 5.5.17 version which resolves various upstream bugs in php.

Additionally, the php-timezonedb packages has been upgraded to the
latest 2014.7 version, the php-suhosin packages has been upgraded to
the latest 0.9.36 version which has better support for php-5.5 and
the PECL packages which requires so has been rebuilt for php-5.5.17.

A vulnerability has been discovered and corrected in phpmyadmin:

With a crafted ENUM value it is possible to trigger an XSS in table
search and table structure pages (CVE-2014-7217).

This upgrade provides the latest phpmyadmin version (4.2.9.1) to
address this vulnerability.

Multiple vulnerabilities has been discovered and corrected in libvirt:

An out-of-bounds read flaw was found in the way libvirt’s
qemuDomainGetBlockIoTune() function looked up the disk index in
a non-persistent (live) disk configuration while a persistent disk
configuration was being indexed. A remote attacker able to establish a
read-only connection to libvirtd could use this flaw to crash libvirtd
or, potentially, leak memory from the libvirtd process (CVE-2014-3633).

A denial of service flaw was found in the way libvirt’s
virConnectListAllDomains() function computed the number of used
domains. A remote attacker able to establish a read-only connection
to libvirtd could use this flaw to make any domain operations within
libvirt unresponsive (CVE-2014-3657).

The updated libvirt packages have been upgraded to the 1.1.3.6 version
and patched to resolve these security flaws.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Advisory                                   MDVA-2014:018
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : timezone
 Date    : October 3, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 This is a maintenance and bugfix release that upgrades the timezone
 data packages to the 2014g version.
 _______________________________________________________________________

 Updated Packages:

 Mandriva Business Server 1/X86_64:
 0a1bda6ed3fb936cd1ce76528cce8e52  mbs1/x86_64/timezone-2014g-1.mbs1.x86_64.rpm
 cdca8c5afa60b40bbe08d3b939880722  mbs1/x86_64/timezone-java-2014g-1.mbs1.x86_64.rpm 
 87f855e977ac8cbb448a18ef4ffb1ab3  mbs1/SRPMS/timezone-2014g-1.mbs1.src.rpm
 _______________________________________________________

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:195
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : libvirt
 Date    : October 3, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been discovered and corrected in libvirt:
 
 An out-of-bounds read flaw was found in the way libvirt's
 qemuDomainGetBlockIoTune() function looked up the disk index in
 a non-persistent (live) disk configuration while a persistent disk
 configuration was being indexed. A remote attacker able to establish a
 read-only connection to libvirtd could use this flaw to crash libvirtd
 or, potentially, leak memory from the libvirtd process (CVE-2014-3633).
 
 A denial of service flaw was found in the wa

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:194
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : phpmyadmin
 Date    : October 3, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in phpmyadmin:
 
 With a crafted ENUM value it is possible to trigger an XSS in table
 search and table structure pages (CVE-2014-7217).
 
 This upgrade provides the latest phpmyadmin version (4.2.9.1) to
 address this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7217
 http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php
 _________________________________