Univention Corporate Server 4.2 erratum 395 (security)

This update addresses the following issues:
* CVE-2016-8667 hw: dma: divide by zero error in set_next_tick
* CVE-2016-9603 cirrus: heap buffer overflow via vnc connection
* CVE-2017-6505 usb: an infinite loop issue in ohci_service_ed_list
* CVE-2017-7377 9pfs: host memory leakage via v9fs_create
* CVE-2017-7471 9p: virtfs allows guest to change filesystem attributes on
  host
* CVE-2017-7493 9pfs: guest privilege escalation in virtfs mapped-file mode
* CVE-2017-8086 9pfs: host memory leakage via v9pfs_list_xattr
* CVE-2017-8112 scsi: vmw_pvscsi: infinite loop in pvscsi_log2
* CVE-2017-8309 audio: host memory leakage via capture buffer
* CVE-2017-8379 input: host memory lekage via keyboard events
* CVE-2017-8380 scsi: megasas: out-of-bounds read in megasas_mmio_write
* CVE-2017-9310 net: infinite loop in e1000e NIC emulation
* CVE-2017-9330 usb: ohci: infinite loop due to incorrect return value
* CVE-2017-9373 ide: ahci host memory leakage during hotunplug
* CVE-2017-9374 usb: ehci host memory leakage during hotunplug
* CVE-2017-9375 usb: xhci infinite recursive call via xhci_kick_ep
* CVE-2017-9524 nbd: segmentation fault due to client non-negotiation
* CVE-2017-10664 qemu-nbd: server breaks with SIGPIPE upon client abort
* CVE-2017-10806 usb-redirect: stack buffer overflow in debug logging
* CVE-2017-10911 xen: blkif responses leak backend stack data (XSA-216)
* CVE-2017-11334 exec: oob access during dma operation
* CVE-2017-11434 slirp: out-of-bounds read while parsing dhcp options
* CVE-2017-12809 ide: flushing of empty CDROM drives leads to NULL
  dereference
* CVE-2017-13672 vga: OOB read access during display update
* CVE-2017-13711 Slirp: use-after-free when sending response
* CVE-2017-14167 i386: multiboot OOB access while loading kernel image