Univention Corporate Server 4.1 erratum 295 (security)

This update addresses the following issue(s):
* Remote denial of service (integer overflow and application crash)
  or unspecified other impact (CVE-2016-2177)
* Potential timing side-channel attack by local users on DSA private key
  via dsa_sign_setup function in crypto/dsa/dsa_ossl.c (CVE-2016-2178)
* Remote denial of service (memory consumption) by maintaining
  many crafted DTLS sessions simultaneously (CVE-2016-2179)
* Remote denial of service (out-of-bounds read and application crash)
  via a crafted timestamp file that is mishandled by the "openssl ts"
  command (CVE-2016-2180)
* Remote denial of service (false-positive packet drops)
  via spoofed DTLS records (CVE-2016-2181)
* Remote denial of service (out-of-bounds write and application crash)
  or unspecified other impact via BN_bn2dec function (CVE-2016-2182)
* Remote denial of service via a ticket that is too short (CVE-2016-6302)
* Remote denial of service (out-of-bounds write and application crash)
  or unspecified other impact via MDC2_Update function (CVE-2016-6303)
* Remote denial of service (memory consumption)
  via large OCSP Status Request extensions (CVE-2016-6304)
* Remote denial of service (out-of-bounds read) via crafted certificate
  operations (CVE-2016-6306)
* Remote denial of service (NULL pointer dereference and application crash)
  by triggering a CRL operation (CVE-2016-7052)
* Validate ClientHello session_id field length and send alert on failure
  (RT#4080)
* Validate ClientHello extension field length (RT#4069)
* Change functions to pass in a limit rather than calculate it
* Fix DTLS unprocessed records bug
* Remove LOW from the DEFAULT cipher list (removing singles DES from default)
* Fix missing malloc return value checks
* Ensure all EVP calls have their returns checked where appropriate
* Use newest CRL (RT#4615)