A new update is available for Univention Corporate Server 3.1 as
part of the extended security maintenance.
It addresses the following problem:

Program component:  curl
Reference:          CVE-2014-3613 CVE-2014-3707 CVE-2015-3143 CVE-2015-3148
                    CVE-2014-8150
Fixed version:      7.21.0-7.52.201506031400

* Information leak in cookie handling (CVE-2014-3613)
* Information leak in curl_easy_duphandle() (CVE-2014-3707)
* Re-using authenticated connection when unauthenticated (CVE-2015-3143)
* Negotiate not treated as connection-oriented (CVE-2015-3148)
* Fix URL request injection (CVE-2014-8150)

--
Univention GmbH
be open.
Mary-Somerville-Str.1
28359 Bremen
Tel. : +49 421 22232-0
Fax  : +49 421 22232-99

<info@univention.de>
http://www.univention.de/

Geschäftsführer: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Steuer-Nr.: 71-597-02876