-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A new update is available for Univention Corporate Server 3.1 as
part of the extended security maintenance.
It addresses the following problem:

Program component:  openssl
Reference:          CVE-2015-0209 CVE-2015-0286 CVE-2015-0287 CVE-2015-0288
                    CVE-2015-0289 CVE-2015-0292
Fixed version:      0.9.8o-4.97.201503231742

Two vulnerabilities have been found in OpenSSL:
 * NULL pointer dereference in elliptic curves (CVE-2015-0209)
 * Denial of service during certificate signature algorithm verification
   in ASN1_TYPE_cmp function (CVE-2015-0286)
 * Memory corruption in ASN.1 parsing (CVE-2015-0287)
 * NULL pointer dereference in X509 parsing (CVE-2015-0288)
 * Denial of service due to NULL pointer dereference in PKCS#7 parsing code
   (CVE-2015-0289)
 * Memory corruption due to missing input sanitising in base64 decoding
   (CVE-2015-0292)

- --
Univention GmbH
be open.
Mary-Somerville-Str.1
28359 Bremen
Tel. : +49 421 22232-0
Fax  : +49 421 22232-99

<info@univention.de>
http://www.univention.de/

Geschäftsführer: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Steuer-Nr.: 71-597-02876
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJVEE20AAoJEC07aMN37ihbs4kP/3UW9FGKX64g9af0BO70Jj1L
bk4Fek0oOmDWzN55OKMtzYYz+6Hi0kN6h6AsHK4h/vvfpXn6YK1v428OJnraU+N0
8AM30MYpOngWBX5sqhL9csIxQ0jKhS1svX7sAuVoUQqz1UsP8oYWyDiqFHbd6/kx
Knj/dWIrZFVqXIXX0xDuOH0KwR0tj2fBJgIGy3eZqRhuDAvo4R17TJ308ONBrw7b
N4Ilxop27E7sWyP7DVI8XS4377wHYIaNSNIWvtpm9KQ+SQdl+AyU+yRyZkRHlrDH
rjYkDIgV3Vk62pUvy7YZe9TXTz3K0LaRCTPFiHVwWaO1ltdnPIIaCC9ej2LM85gL
D48w9b66nIRKmCBwzvQLhbBRJN12rQCYodlPulUIzksJwKLY6Nrt7Y3sZXcJPHa+
u/w5cBcia/8x0G4EuexNYb8zDkITY+/zL+eD+oUHCH7/OBzTjFQNoZVtQ7HZA0hb
F4tkinRIiqSrdz/XnRjKKzSjpv7xzf3nETrc9orp/80qVi/NlEaAr7Ig2+UA4hd8
lKnTwMoUrDpj3oNKubRS3oUqM7knZDD5tP0l/X/j0mRRwoVaIolA/9M/78HtNVvm
gcyIa6prHiRx5flPFnYCwxwtvCNdqUqL245Wz+PNtSzPNzgB8LNjTd+XloZn05we
5ZRDNnId6mBBNKodqbW7
=Kbaq
-----END PGP SIGNATURE-----