-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A new update is available for Univention Corporate Server 3.1 as
part of the extended security maintenance.
It addresses the following problem:

Program component:  sudo
Reference:          CVE-2014-0106 CVE-2014-9680
Fixed version:      1.7.4p4-2.squeeze.5.38.201504082027

Two vulnerabilities have been found in sudo:
 * env_delete ignored for environment variables specified
   on the command line when env_reset is disabled (CVE-2014-0106)
 * Arbitrary file access via user defined TZ environment variable
   (CVE-2014-9680)

- --
Univention GmbH
be open.
Mary-Somerville-Str.1
28359 Bremen
Tel. : +49 421 22232-0
Fax  : +49 421 22232-99

<info@univention.de>
http://www.univention.de/

Geschäftsführer: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Steuer-Nr.: 71-597-02876
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJVJXrFAAoJEC07aMN37ihbQ3sP/izli6DYPBmflwx3e+fo3QjM
5tHnG2mtyU50uDKWiCeWxBePcqGchcVwTPZWRSAP3mdkX9fswprl1PKITzBt9SdR
CRBbQXUku9KwtkO5XBep117Pt3d9c7EneWs4eaFZaiMBfUDfw2cf36qfg78J3wH2
fStaSJSGtl5Nucj/Dk9JEoTq8nyPIf4XOTamsSthozuFAudGS8kzNE0jZkfljfgw
RFZaacKMHYb4jlkj3Hcp7a6GCZDAEDrBlY2mWKFJv5PzgZosOe9e2rKzPGO0ac5D
m5Rm+fW5AIAYGtERow+9hzGX8RgToS5hrdn98tH08ZMHoN2kII4dPsiU5yUAm546
kgksi1suHAeP+HZp3r/YDMgR1rMQzCKCDPvOo4ix+6VNUkFfF5hODKbbIZ4WT8sl
8w8wzd5X+OISuNONtXh37bUTONnvsAdmr+ws60gMfBzaSyWSS8SfCCIZzzQiOj/E
tm6FnbQvTfNmc/vNZnwV9EVF2SYOTrW+GdhceNay1Ws7Garsk2NZTsBR31DZJQnl
6fXeWdAq2fOzj0gAIE1nKuncUIkJX/VsZdrCs2oFqZtsZN9X9ABdh9TY5qDWTwe0
8LbF61pIUpzQBsns6RmCueBYhSbCkCNjaDPY4L/cpCMVtmz4D7WSVAIyLq4s/H3Z
/M4PiN0RaouawCvmckjS
=PiHV
-----END PGP SIGNATURE-----