A new update is available for Univention Corporate Server 3.1 as
part of the extended security maintenance.
It addresses the following problem:

Program component:  unzip
Reference:          CVE-2014-8139
                    CVE-2014-8140
                    CVE-2014-8141
                    CVE-2014-9636
Fixed version:      6.0-4.31.201506121311

It addresses the following issues:
* CVE-2014-8139: CRC32 verification heap-based overflow
* CVE-2014-8140: out-of-bounds write issue in test_compr_eb()
* CVE-2014-8141: out-of-bounds read issues in getZip64Data()
* CVE-2014-9636: Fix heap overflow. Ensure that compressed
  and uncompressed block sizes match when using STORED method
  in extract.c.

-- 
Univention GmbH
be open.
Mary-Somerville-Str.1
28359 Bremen
Tel. : +49 421 22232-0
Fax  : +49 421 22232-99

<info@univention.de>
http://www.univention.de/

Geschäftsführer: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Steuer-Nr.: 71-597-02876