-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

A new update is available for Univention Corporate Server 3.1 as
part of the extended security maintenance.

Program component:  openssl
Reference:          CVE-2015-3195, CVE-2015-3197, CVE-2016-2105,
                    CVE-2016-2106, CVE-2016-2108, CVE-2016-2109
Fixed version:      0.9.8o-4.121.201605261444

It addresses the following problems:
 * PKCS#7 and CMS routines: malformed X509_ATTRIBUTE structure OpenSSL
   will leak memory (CVE-2015-3195)
 * A malicious client can negotiate SSLv2 ciphers that have been
   disabled on the server and complete SSLv2 handshakes even if all
   SSLv2 ciphers have been disabled, provided that the SSLv2 protocol
   was not also disabled via SSL_OP_NO_SSLv2 (CVE-2015-3197)
 * Additionally, when using a DHE cipher suite a new DH key will
   always be generated for each connection.
 * EVP_EncodeUpdate overflow (CVE-2016-2105)
 * EVP_EncryptUpdate overflow (CVE-2016-2106)
 * Memory corruption in the ASN.1 encoder (CVE-2016-2108)
 * ASN.1 BIO excessive memory allocation (CVE-2016-2109)

- --
Univention GmbH
be open.
Mary-Somerville-Str.1
28359 Bremen
Tel. : +49 421 22232-0
Fax  : +49 421 22232-99

<info@univention.de>
http://www.univention.de/

Geschäftsführer: Peter H. Ganten
HRB 20755 Amtsgericht Bremen
Steuer-Nr.: 71-597-02876
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJXRvW4AAoJEC07aMN37ihbKKgP/jDOvlSIGlnLq3p/6/fceyCA
Qj/ckbGK3N1hJB0D2n5N/7d5CPHZxMn7lYm/pheELYAwETT2AQDMhANJe404Y0PK
tMQ8WViRF13aNIHY9bPsYDqNc6ryZEN+mddNIwwfbIAwCxhFsF+pxjZd7YibHbJU
pc6yqB9uK/a3nKuGNxyWYl469n65rWLprhIt9C1XnbV3gPyOdRB6bKDJSzD/i3R8
1nTYKYO/zT8552/TT4X9nN0e75xmyRueh+JttGYbuMoN6S6qXTk2sgTF+EAU9qWx
vAt6dY0kMZgri/nXEgOZ3mK4A8gai0CXB8oK13RfJ12Yw8AqgK1Mqd0iHwkHzoSo
BnJSZPn6h2qTbJW54KQaDJpg4Y3AP4WdR1K2hm5gpmWQ1n89GeeH6gcNe1TIs0Do
bWEiyQ0PC/uBw0bldB6kI9SfM6zitSJZI6BcWjYSVQKRgs2u9rGx2pE8uWWxL6fy
+ejFlgVUroGdaSLsJRERXBDsJ9txH1qPm6xEegIVKtsD5U5n5tGJodgKPuvqPGuI
WTmhzZGrHlKnqwPE+2yAxu4A0CNTkNS8AbqzKwHeW6uQfxvmekoBZVJAkYoUcFAt
JBeuON+YHrOAt+J7yIqS38c1hco39w4Drvr3UKwKNbr5lKl7oPVbsgUccbAZmEfV
8JzybI9l1boYChh0IRzF
=/e59
-----END PGP SIGNATURE-----