Updated java-1.7.0-openjdk packages fix an upstream regression:
This update provides IcedTea 2.5.2, which fixes several bugs, most
notably regressions in the previous release which broke Groovy and
several other Java tools and applications.
Mandriva Security Advisory
A flaw was found in the way Bash evaluated certain specially crafted
environment variables. An attacker could use this flaw to override or
bypass environment restrictions to execute shell commands. Certain
services and applications allow remote unauthenticated attackers to
provide environment variables, allowing them to exploit this issue
(CVE-2014-6271).
It was found that the fix for CVE-2014-6271 was incomplete, and
Bash still allowed certain characters to be injected into other
environments via specially crafted environment variables. An
attacker could potentially use this flaw to override or bypass
environment restrictions to execute shell commands. Certain
services and applications allow remote unauthenticated attackers to
provide environment variables, allowing them to exploit this issue
(CVE-2014-7169, CVE-2014-7186, CVE-2014-7187).
Additionally, bash has been updated from patch level 37 to 48 using
the upstream patches at ftp://ftp.gnu.org/gnu/bash/bash-4.2-patches/,
which resolve various bugs.
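The following checks are added here as an example and are not part of the Mandriva advisory or of bash itself; they are adapted from the one-line test cases that circulated publicly when CVE-2014-6271, CVE-2014-7169, CVE-2014-7186 and CVE-2014-7187 were disclosed. Each function exercises one issue against the locally installed bash and prints vulnerable, patched or no-bash, always returning 0 so it can be called from a script running under set -e. The function names and the report wrapper are mine.

```shell
#!/bin/sh
# Added example: local checks for the four Bash CVEs in the advisory above.
# Adapted from the public one-line test cases; not Mandriva's or bash's code.
# Each check prints one of "vulnerable", "patched" or "no-bash" and always
# returns 0, so the functions are safe to call from a script running set -e.

have_bash() { command -v bash >/dev/null 2>&1; }

# CVE-2014-6271: bash imported a function from any environment variable whose
# value starts with "() {" and kept parsing past the closing brace, so the
# trailing "echo vulnerable" runs while the child shell starts up.
check_cve_2014_6271() {
    have_bash || { echo no-bash; return 0; }
    out=$(env x='() { :;}; echo vulnerable' bash -c 'echo test' 2>/dev/null || true)
    case "$out" in
        *vulnerable*) echo vulnerable ;;
        *)            echo patched ;;
    esac
}

# CVE-2014-7169: after the first fix, parser state still leaked across the
# import. The unterminated redirection in X turns the command "echo date" into
# ">echo date", so an unpatched bash writes the output of date to a file
# named "echo" in the current directory instead of printing the word "date".
check_cve_2014_7169() {
    have_bash || { echo no-bash; return 0; }
    dir=$(mktemp -d) || { echo no-tmpdir; return 0; }
    ( cd "$dir" && env X='() { (a)=>\' bash -c 'echo date' >/dev/null 2>&1 || true )
    if [ -e "$dir/echo" ]; then echo vulnerable; else echo patched; fi
    rm -rf "$dir"
}

# CVE-2014-7186: fourteen stacked here-documents overflow redir_stack in an
# unpatched bash, which dies with SIGSEGV. A patched bash only warns that the
# here-documents are unterminated, runs "true" and exits 0.
check_cve_2014_7186() {
    have_bash || { echo no-bash; return 0; }
    if bash -c 'true <<E <<E <<E <<E <<E <<E <<E <<E <<E <<E <<E <<E <<E <<E' \
        >/dev/null 2>&1; then
        echo patched
    else
        echo vulnerable
    fi
}

# CVE-2014-7187: 200 nested for-loops overrun the word_lineno[] array by one
# in an unpatched bash. A patched bash parses and runs the (empty) loops.
check_cve_2014_7187() {
    have_bash || { echo no-bash; return 0; }
    script='' i=1
    while [ "$i" -le 200 ]; do
        script="$script for x$i in ; do :;"
        i=$((i + 1))
    done
    i=1
    while [ "$i" -le 200 ]; do script="$script done;"; i=$((i + 1)); done
    if printf '%s\n' "$script" | bash >/dev/null 2>&1; then
        echo patched
    else
        echo vulnerable
    fi
}

# Run every check and print one line per CVE.
shellshock_report() {
    for cve in 6271 7169 7186 7187; do
        printf 'CVE-2014-%s: %s\n' "$cve" "$("check_cve_2014_$cve")"
    done
}

shellshock_report
```

A bash at patch level 48 or later (or any distribution build carrying the equivalent backports) reports patched on all four lines; note that CVE-2014-7169 and CVE-2014-7187 do not crash the shell, so a wrapper that only looks for a non-zero exit status would miss them, which is why the checks look at the side effect (the stray file, the loop parse) rather than the exit code alone.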
Updated gnupg packages fix security vulnerability:
The gnupg program before version 1.4.16 is vulnerable to an ELGAMAL
side-channel attack (CVE-2014-5270).
Updated curl packages fix security vulnerabilities:
In cURL before 7.38.0, libcurl can be fooled both into sending cookies
to the wrong sites and into allowing arbitrary sites to set cookies for
others. For this problem to trigger, the client application must use a
numerical IP address in the URL to access the site (CVE-2014-3613).
In cURL before 7.38.0, libcurl wrongly allows cookies to be set for Top
Level Domains (TLDs), thus making them apply broader than cookies are
allowed. This can allow arbitrary sites to set cookies that then would
get sent to a different and unrelated site or domain (CVE-2014-3620).
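As an added example, and not libcurl's own code, the following POSIX shell functions implement the cookie-domain acceptance rule a client needs in order to avoid both problems described above: an exact-match-only rule when the URL names the server by IP address (CVE-2014-3613) and a refusal of domains with no dot, i.e. top-level domains, before the usual label-boundary tail match (CVE-2014-3620). The function names, the sample hosts and the constructed Set-Cookie headers are my own; the rule is modelled on the advisory's description of the fixed behaviour, not copied from cURL 7.38.0.

```shell
#!/bin/sh
# Added example (not libcurl's code): a cookie-domain acceptance rule that
# closes the two gaps named in the advisory. Usage:
#   cookie_domain_allowed HOST DOMAIN    -> prints accept or reject
#   audit_set_cookie HOST SET-COOKIE     -> same, extracting Domain= itself
# HOST is the host part of the URL the response came from; DOMAIN is the
# Set-Cookie Domain= attribute (a leading dot is ignored, as clients do).

# True when the host is written as a dotted-quad IPv4 address.
is_ipv4() {
    case "$1" in
        *[!0-9.]*) return 1 ;;   # anything but digits and dots
        *.*.*.*)   return 0 ;;
        *)         return 1 ;;
    esac
}

cookie_domain_allowed() {
    host=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    domain=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    domain=${domain#.}                 # ".example.com" -> "example.com"

    # No Domain attribute: a host-only cookie, always fine for its own host.
    [ -n "$domain" ] || { echo accept; return 0; }

    # CVE-2014-3613: a URL naming the server by IP has no domain hierarchy
    # to scope cookies to, so only an exact match of the address is safe.
    if is_ipv4 "$host"; then
        [ "$domain" = "$host" ] && echo accept || echo reject
        return 0
    fi

    # CVE-2014-3620: a domain with no dot is a top-level domain (or a bare
    # label); a cookie scoped to it would be sent to every host under it.
    case "$domain" in
        *.*) ;;
        *)   echo reject; return 0 ;;
    esac

    # Ordinary tail match on a label boundary: example.com may set cookies
    # for example.com and *.example.com, but not for notexample.com.
    case "$host" in
        "$domain" | *."$domain") echo accept ;;
        *)                       echo reject ;;
    esac
}

# Pull the Domain= attribute out of a Set-Cookie header value (empty if absent).
set_cookie_domain() {
    printf '%s\n' "$1" | tr 'A-Z' 'a-z' \
        | sed -n 's/.*;[[:space:]]*domain=\([^;[:space:]]*\).*/\1/p'
}

audit_set_cookie() {
    cookie_domain_allowed "$1" "$(set_cookie_domain "$2")"
}

# Constructed sample responses, as a site (or an attacker) might send them.
audit_set_cookie www.example.com 'sid=abc; Domain=.com; Path=/'          # reject
audit_set_cookie www.example.com 'sid=abc; Domain=.example.com; Path=/'  # accept
audit_set_cookie 192.0.2.10      'sid=abc; Domain=.2.10; Path=/'         # reject
audit_set_cookie 192.0.2.10      'sid=abc; Domain=192.0.2.10; Path=/'    # accept
```

The rule is deliberately stricter than a pure suffix comparison: `notexample.com` ends with `example.com` as a string, but the label-boundary match in the last case statement rejects it, which is the same reason the TLD check has to look for a dot rather than just a non-empty value.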
A vulnerability has been discovered and corrected in phpmyadmin:
With a crafted ENUM value it is possible to trigger an XSS in table
search and table structure pages (CVE-2014-7217).
This upgrade provides the latest phpmyadmin version (4.2.9.1) to
address this vulnerability.
Multiple vulnerabilities have been discovered and corrected in libvirt:
An out-of-bounds read flaw was found in the way libvirt’s
qemuDomainGetBlockIoTune() function looked up the disk index in
a non-persistent (live) disk configuration while a persistent disk
configuration was being indexed. A remote attacker able to establish a
read-only connection to libvirtd could use this flaw to crash libvirtd
or, potentially, leak memory from the libvirtd process (CVE-2014-3633).
A denial of service flaw was found in the way libvirt’s
virConnectListAllDomains() function computed the number of used
domains. A remote attacker able to establish a read-only connection
to libvirtd could use this flaw to make any domain operations within
libvirt unresponsive (CVE-2014-3657).
The updated libvirt packages have been upgraded to the 1.1.3.6 version
and patched to resolve these security flaws.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Advisory                                  MDVA-2014:018
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : timezone
Date    : October 3, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

This is a maintenance and bugfix release that upgrades the timezone
data packages to the 2014g version.
_______________________________________________________________________

Updated Packages:

Mandriva Business Server 1/X86_64:
0a1bda6ed3fb936cd1ce76528cce8e52  mbs1/x86_64/timezone-2014g-1.mbs1.x86_64.rpm
cdca8c5afa60b40bbe08d3b939880722  mbs1/x86_64/timezone-java-2014g-1.mbs1.x86_64.rpm
87f855e977ac8cbb448a18ef4ffb1ab3  mbs1/SRPMS/timezone-2014g-1.mbs1.src.rpm
_______________________________________________________
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2014:195
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : libvirt
Date    : October 3, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities have been discovered and corrected in libvirt:

An out-of-bounds read flaw was found in the way libvirt's
qemuDomainGetBlockIoTune() function looked up the disk index in
a non-persistent (live) disk configuration while a persistent disk
configuration was being indexed. A remote attacker able to establish a
read-only connection to libvirtd could use this flaw to crash libvirtd
or, potentially, leak memory from the libvirtd process (CVE-2014-3633).

A denial of service flaw was found in the wa
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2014:194
http://www.mandriva.com/en/support/security/
_______________________________________________________________________

Package : phpmyadmin
Date    : October 3, 2014
Affected: Business Server 1.0
_______________________________________________________________________

Problem Description:

A vulnerability has been discovered and corrected in phpmyadmin:

With a crafted ENUM value it is possible to trigger an XSS in table
search and table structure pages (CVE-2014-7217).

This upgrade provides the latest phpmyadmin version (4.2.9.1) to
address this vulnerability.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7217
http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php
_________________________________