Open-Xchange releases UCS Security Update 2012-05-16

This release provides a security update of Univention Corporate Server 2.4 which is integrated at Open-Xchange Advanced Server Edition and Open-Xchange Server Edition for UCS. We encourage administrators to install this update. The security update is available for all customers with a valid Open-Xchange license.

Please Note: This security update combines all last UCS Hotfix Releases. If there is already activated "Hotfix Installation" (http://sdb.open-xchange.com/node/323) and all previous Hotfix Releases have been installed, the security update isn't available at the UCS update manager.

Fixed Components:
  • Adobe Reader (CVE-2011-4370 CVE-2011-4371 CVE-2011-4372 CVE-2011-4373 CVE-2012-0774 CVE-2012-0775 CVE-2012-0776 CVE-2012-0777)
  • Firefox (CVE-2011-3026 CVE-2011-3062 CVE-2011-3659 CVE-2011-3670 CVE-2012-0442 CVE-2012-0444 CVE-2012-0449 CVE-2012-0455 CVE-2012-0456 CVE-2011-3658 CVE-2012-0458 CVE-2012-0461 CVE-2012-0467 CVE-2012-0469 CVE-2012-0470 CVE-2012-0471 CVE-2012-0473 CVE-2012-0474 CVE-2012-0477 CVE-2012-0478 CVE-2012-0479)
  • Flash-Plugin (CVE-2012-0751 CVE-2012-0752 CVE-2012-0753 CVE-2012-0754 CVE-2012-0755 CVE-2012-0756 CVE-2012-0767 CVE-2012-0768 CVE-2012-0769 CVE-2012-0772 CVE-2012-0773 CVE-2012-0724 CVE-2012-0725 CVE-2012-0779)
  • Freetype (CVE-2012-1133 CVE-2012-1134 CVE-2012-1136 CVE-2012-1142 CVE-2012-1144)
  • Linux 2.6.32 (UCS Bug 26848)
  • Linux-Kernel 2.6.18 (CVE-2009-4067 CVE-2010-3848 CVE-2010-3849 CVE-2010-3850 CVE-2010-4342 CVE-2010-4527 CVE-2010-4529 CVE-2011-0521 CVE-2011-1745 CVE-2011-1746 CVE-2011-2022 CVE-2011-1180 CVE-2011-1476 CVE-2011-2213 CVE-2011-2492 CVE-2011-3191)
  • Libpng (CVE-2011-2501 CVE-2011-3026)
  • PHP (CVE-2010-2531 CVE-2011-1072 CVE-2011-2202 CVE-2011-4153 CVE-2011-4566 CVE-2011-4885 CVE-2012-0057 CVE-2012-0781 CVE-2012-0788 CVE-2012-0831)
  • OpenSSL (CVE-2012-2110 CVE-2012-2131)
  • PythonPAM (CVE-2012-1502)
  • Samba (CVE-2012-1182 CVE-2012-2111)

Installation of this security update:

The system can be updated as usual for UCS using the univention-updater net command or the UMC module Online Update.
  • Please enter your username/password first under the component called „OX" and activate it.
  • In the online-updates module of UMC, under Release information, there is provided the new update
  • Click on "Install this update"
  • Reboot