An integer overflow in liblzo before 2.07 allows attackers to cause
a denial of service or possibly code execution in applications
performing LZO decompression on a compressed payload from the attacker
(CVE-2014-4607).
The dump package is built with a bundled copy of minilzo, which is
a part of liblzo containing the vulnerable code.
The parse function in Email::Address module before 1.905 for Perl
uses an inefficient regular expression, which allows remote attackers
to cause a denial of service (CPU consumption) via an empty quoted
string in an RFC 2822 address (CVE-2014-0477).
The Email::Address module before 1.904 for Perl uses an inefficient
regular expression, which allows remote attackers to cause a denial
of service (CPU consumption) via vectors related to backtracking into
the phrase (CVE-2014-4720).
Robert Scheck reported that Zarafa’s WebAccess stored session
information, including login credentials, on-disk in PHP session
files. This session file would contain a user’s username and password
to the Zarafa IMAP server (CVE-2014-0103).
Robert Scheck discovered that the Zarafa Collaboration Platform has
multiple incorrect default permissions (CVE-2014-5447, CVE-2014-5448,
CVE-2014-5449, CVE-2014-5450).
A resource consumption issue was found in the way Xerces-J handled
XML declarations. A remote attacker could use an XML document with
a specially crafted declaration using a long pseudo-attribute name
that, when parsed by an application using Xerces-J, would cause that
application to use an excessive amount of CPU (CVE-2013-4002).
In phpMyAdmin before 4.2.9, by deceiving a logged-in user into clicking
on a crafted URL, it is possible to perform remote code execution and,
in some cases, create a root account due to a DOM-based XSS
vulnerability in the micro history feature (CVE-2014-6300).
A remote denial-of-service flaw was found in the way snmptrapd handled
certain SNMP traps when started with the -OQ option. If an attacker
sent an SNMP trap containing a variable with a NULL type where an
integer variable type was expected, it would cause snmptrapd to crash
(CVE-2014-3565).
The mkxmltype and mkdtskel scripts provided in perl-XML-DT allow
local users to overwrite arbitrary files via a symlink attack on a
/tmp/_xml_##### temporary file (CVE-2014-5260).