Open-Xchange releases UCS Security Update 2011-10-25

This release provides a security update of Univention Corporate Server 2.4 which is integrated at Open-Xchange Advanced Server Edition and Open-Xchange Server Edition for UCS. We encourage administrators to install this update. The security update is available for all customers with a valid Open-Xchange license.

Please Note: This security update combines all last UCS Hotfix Releases. If there is already activated "Hotfix Installation" ( and all previous Hotfix Releases have been installed, the security update isn't available at the UCS update manager.

Fixed Components:
  • Apache Portable Runtime (CVE-2011-0419, CVE-2011-1928)
  • Avahi (CVE-2011-1002)
  • CIFS-Utils (CVE-2010-0624CVE-2011-1678)
  • cpio (CVE-2010-0624)
  • Cups (CVE-2011-2896CVE-2011-3170)
  • Curl (CVE-2011-2192)
  • FFMpeg-Multimedia-Bibliotheken (CVE-2010-3249 CVE-2010-4704 CVE-2010-4705)
  • Firefox (CVE-2011-2372 CVE-2011-2995 CVE-2011-2996 CVE-2011-2998 CVE-2011-2999CVE-2011-3000)
  • Flash-Plugin (CVE-2011-2426 CVE-2011-2427 CVE-2011-2428 CVE-2011-2429 CVE-2011-2430CVE-2011-2444)
  • Heimdal (CVE-2010-1321)
  • LibXML2 (CVE-2011-1944)
  • OpenLDAP (CVE-2011-1081)
  • Poppler (CVE-2010-3702CVE-2010-3704)
  • Subversion (CVE-2009-2411 CVE-2010-3315 CVE-2010-4539 CVE-2010-4644 CVE-2011-0715 CVE-2011-1752 CVE-2011-1783 CVE-2011-1921)
  • Tiff-Bibliothek (CVE-2011-0191 CVE-2011-0192 CVE-2011-1167)
  • X11-xserver-utils (CVE-2011-0465)

Installation of this security update:

The system can be updated as usual for UCS using the univention-updater net command or the UMC module Online Update.
  • Please enter your username/password first under the component called „OX" and activate it.
  • In the online-updates module of UMC, under Release information, there is provided the new update
  • Click on "Install this update"
  • Reboot