A new update is available for Univention Corporate Server 3.1 as
part of the extended security maintenance.
It addresses the following issues:

Program component:  squid3
Reference:          CVE-2015-5400 CVE-2014-3609
                    CVE-2012-5643 CVE-2013-0189
Fixed version:      3.1.6-1.2.12.201509010801

More details about the issues: 
* Do not blindly forward cache peer CONNECT responses (CVE-2015-5400)
* Denial of service through malformed Range: headers (CVE-2014-3609)
* Denial of service (memory consumption) via (1) invalid Content-Length
  headers, (2) long POST requests, or (3) crafted authentication
  credentials (CVE-2012-5643)
* Denial of service (resource consumption) via a crafted request 
  (CVE-2013-0189)

-- 
Univention GmbH
be open.
Mary-Somerville-Str.1
28359 Bremen
Tel. : +49 421 22232-0
Fax  : +49 421 22232-99

<info@univention.de>
http://www.univention.de/

Geschäftsführer: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Steuer-Nr.: 71-597-02876