A new update is available for Univention Corporate Server 3.1 as part of the extended security maintenance. It addresses the following issues:

Program component: openvpn
Reference: CVE-2014-8104 CVE-2013-2061
Fixed version: 2.1.3-2.22.201508311636

The following issues have been fixed:

* OpenVPN clients using TLS authentication could crash the server by sending a malicious control channel packet to the server, resulting in denial of service (CVE-2014-8104).
* When running in UDP mode, OpenVPN allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher (CVE-2013-2061).

--
Univention GmbH
be open.
Mary-Somerville-Str.1
28359 Bremen
Tel. : +49 421 22232-0
Fax : +49 421 22232-99

http://www.univention.de/

Managing Director: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Tax no.: 71-597-02876
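
The timing leak behind CVE-2013-2061, shown as an added example (not OpenVPN or Univention code): an early-exit tag comparison beside a constant-time one, with the number of bytes read standing in for response time. The tag bytes and the `verify` helper are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TAG_LEN 20 /* length of an HMAC-SHA1 tag */

/* Constructed sample tag, not taken from real traffic. */
static const uint8_t expected_tag[TAG_LEN] = {
    0x3a, 0x91, 0x5c, 0x07, 0xe2, 0x48, 0xbd, 0x10, 0x66, 0xf3,
    0x2b, 0x9e, 0x74, 0xc5, 0x0d, 0xa8, 0x51, 0xee, 0x39, 0x82 };

/* Weak pattern: returns at the first mismatch, so the work done (and the
 * response time) depends on how many leading bytes were correct. */
static int leaky_compare(const uint8_t *a, const uint8_t *b, size_t n, size_t *examined)
{
    for (size_t i = 0; i < n; i++)
        if (a[i] != b[i]) { *examined = i + 1; return 1; }
    *examined = n;
    return 0;
}

/* Hardened pattern: always reads all n bytes and accumulates differences
 * without a data-dependent branch. */
static int ct_compare(const uint8_t *a, const uint8_t *b, size_t n, size_t *examined)
{
    volatile uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    *examined = n;
    return diff != 0;
}

/* Hypothetical helper: check a received tag whose first `prefix` bytes are
 * correct. Returns 0 if the tag verifies, 1 otherwise. */
static int verify(int use_ct, size_t prefix, size_t *examined)
{
    uint8_t received[TAG_LEN];
    for (size_t i = 0; i < TAG_LEN; i++)
        received[i] = (i < prefix) ? expected_tag[i] : (uint8_t)(expected_tag[i] ^ 0xff);
    return use_ct ? ct_compare(expected_tag, received, TAG_LEN, examined)
                  : leaky_compare(expected_tag, received, TAG_LEN, examined);
}

int main(void)
{
    size_t leaky, ct;
    for (size_t prefix = 0; prefix <= TAG_LEN; prefix += 5) {
        verify(0, prefix, &leaky);
        verify(1, prefix, &ct);
        printf("correct prefix %2zu: early-exit read %2zu bytes, constant-time read %2zu\n", prefix, leaky, ct);
    }
    return 0;
}
```

When reviewing other code that checks MACs or tokens, a plain `memcmp` or `==` on the tag is the pattern to flag; the work done by the comparison should not vary with the input.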