Open-Xchange releases UCS Security Update 2011-09-07

This release provides a security update of Univention Corporate Server 2.4 which is integrated at Open-Xchange Advanced Server Edition and Open-Xchange Server Edition for UCS. We encourage administrators to install this update. The security update is available for all customers with a valid Open-Xchange license.

Please Note: This security update combines all last UCS Hotfix Releases. If there is already activated "Hotfix Installation" (http://sdb.open-xchange.com/node/323) and all previous Hotfix Releases have been installed, the security update isn't available at the UCS update manager.

Fixed Components:
  • Apache (CVE-2011-1452CVE-2011-3192)
  • ClamAV (CVE-2011-2721)
  • Evolution Data Server (CVE-2009-0547 CVE-2009-0582 CVE-2009-0587)
  • Freetype (CVE-2011-0226)
  • Firefox (CVE-2011-0083 CVE-2011-0084 CVE-2011-0085 CVE-2011-2362 CVE-2011-2363 CVE-2011-2364 CVE-2011-2365 CVE-2011-2370 CVE-2011-2371 CVE-2011-2373 CVE-2011-2374 CVE-2011-2376 CVE-2011-2377 CVE-2011-2378 CVE- 2011-2981 CVE-2011-2982 CVE-2011-2983 CVE-2011-2984)
  • Flash-Plugin ( CVE-2011-2130 CVE-2011-2134 CVE-2011-2135 CVE-2011-2136 CVE-2011-2137 CVE-2011-2138 CVE-2011-2139 CVE-2011-2140 CVE-2011-2414 CVE-2011-2415 CVE-2011-2416 CVE-2011-2417 CVE-2011-2425)
  • Imlib (CVE-2008-6079)
  • ISC DHCP-Server (CVE-2011-2748 CVE-2011-2749)
  • kdegraphics/kpdf (CVE-2010-3702 CVE-2010-3704)
  • LibPNG (CVE-2011-2690 CVE-2011-2691 CVE-2011-2692)
  • LibSndFile (CVE-2011-2696)
  • LibWWW-Perl (CVE-2010-2253)
  • LibXFont (CVE-2011-2895)
  • Oracle Java (CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0817 CVE-2011-0863 CVE-2011-0864 CVE-2011-0802 CVE-2011-0814 CVE-2011-0871 CVE-2011-0786 CVE-2011-0788 CVE-2011-0866 CVE-2011-0868 CVE- 2011-0872 CVE-2011-0867 CVE-2011-0869 CVE-2011-0865)
  • Socat(CVE-2010-2799)
  • xpdf(CVE-2010-3702CVE-2010-3704)

Installation of this security update:

The system can be updated as usual for UCS using the univention-updater net command or the UMC module Online Update.
  • Please enter your username/password first under the component called „OX" and activate it.
  • In the online-updates module of UMC, under Release information, there is provided the new update
  • Click on "Install this update"
  • Reboot