Errata overview
Errata ID: 15
Date: 2015-12-09
Source package: ntp
Fixed in version: 1:4.2.6.p5+dfsg-2.51.201511241933
Description
* Incomplete autokey data packet length checks (CVE-2015-7691,
  CVE-2015-7692, CVE-2015-7702)
* Clients that receive a KoD should validate the origin timestamp
  field (CVE-2015-7704, CVE-2015-7705)
* configuration directives "pidfile" and "driftfile" should only be
  allowed locally (CVE-2015-7703)
* Slow memory leak in CRYPTO_ASSOC (CVE-2015-7701)
* remote config logfile-keyfile (CVE-2015-7850)
* saveconfig Directory Traversal Vulnerability (CVE-2015-7851)
* ntpq atoascii() Memory Corruption Vulnerability (CVE-2015-7852)
* decodenetnum() will ASSERT botch instead of returning FAIL on some
  bogus values (CVE-2015-7855)
* NAK to the Future: Symmetric association authentication bypass via
  crypto-NAK (CVE-2015-7871)
* MITM attacker can force ntpd to make a step larger than the panic
  threshold (CVE-2015-5300)
* ntpd crash when processing config commands with statistics type
  (CVE-2015-5195)
* crash with crafted logconfig configuration command (CVE-2015-5194)
* ntpd control message crash: Crafted NUL-byte in configuration
  directive (CVE-2015-5146)
* infinite loop in sntp processing crafted packet (CVE-2015-5219)
* ntp-keygen may generate non-random symmetric keys on big-endian
  systems (CVE-2015-3405)
* when Autokey Authentication is enabled, ntp_crypto.c allows remote
  attackers to obtain sensitive information from process memory or
  cause a denial of service (daemon crash) via a crafted packet
  (CVE-2014-9750)
* The read_network_packet function in ntp_io.c does not properly
  determine whether a source IP address is an IPv6 loopback address,
  which makes it easier for remote attackers to spoof restricted
  packets, and read or write to the runtime state, by leveraging the
  ability to reach the ntpd machine's network interface with a packet
  from the ::1 address (CVE-2014-9751)
Additional notes
CVE ID: CVE-2014-9750
CVE-2014-9751
CVE-2015-3405
CVE-2015-5146
CVE-2015-5194
CVE-2015-5195
CVE-2015-5219
CVE-2015-5300
CVE-2015-7691
CVE-2015-7692
CVE-2015-7701
CVE-2015-7702
CVE-2015-7703
CVE-2015-7704
CVE-2015-7705
CVE-2015-7850
CVE-2015-7851
CVE-2015-7852
CVE-2015-7855
CVE-2015-7871
UCS Bug number: #40024