Errata overview
Errata ID: 274
Date: 2019-09-18
Source package: faad2
Fixed in version: 2.8.0~cvs20161113-1+deb9u2
Description
This update addresses the following issues:
* There was a heap-based buffer overflow in the function excluded_channels()
  in libfaad/syntax.c. (CVE-2018-19502)
* There was a stack-based buffer overflow in the function calculate_gain() in
  libfaad/sbr_hfadj.c. (CVE-2018-19503)
* There is a NULL pointer dereference in ifilter_bank() in
  libfaad/filtbank.c. (CVE-2018-19504)
* There is a stack-based buffer underflow in the third instance of the
  calculate_gain function in libfaad/sbr_hfadj.c. A crafted input will lead
  to a denial of service or possibly unspecified other impact because
  limiting the additional noise energy level is mishandled for the G_max <= G
  case. (CVE-2018-20194)
* A NULL pointer dereference was discovered in ic_predict of
  libfaad/ic_predict.c. The vulnerability causes a segmentation fault and
  application crash, which leads to denial of service. (CVE-2018-20195)
* There is a stack-based buffer underflow in the third instance of the
  calculate_gain function in libfaad/sbr_hfadj.c. A crafted input will lead
  to a denial of service or possibly unspecified other impact because
  limiting the additional noise energy level is mishandled for the G_max > G
  case. (CVE-2018-20197)
* A NULL pointer dereference was discovered in ifilter_bank of
  libfaad/filtbank.c. The vulnerability causes a segmentation fault and
  application crash, which leads to denial of service because adding to
  windowed output is mishandled in the LONG_START_SEQUENCE case.
  (CVE-2018-20198)
* A NULL pointer dereference was discovered in sbr_process_channel of
  libfaad/sbr_dec.c. The vulnerability causes a segmentation fault and
  application crash. (CVE-2018-20357)
* An invalid memory address dereference was discovered in the lt_prediction
  function of libfaad/lt_predict.c. The vulnerability causes a segmentation
  fault and application crash, which leads to denial of service.
  (CVE-2018-20358)
* An invalid memory address dereference was discovered in the
  sbrDecodeSingleFramePS function of libfaad/sbr_dec.c. The vulnerability
  causes a segmentation fault and application crash, which leads to denial of
  service. (CVE-2018-20359)
* An invalid memory address dereference was discovered in the hf_assembly
  function of libfaad/sbr_hfadj.c. The vulnerability causes a segmentation
  fault and application crash, which leads to denial of service.
  (CVE-2018-20361)
* A NULL pointer dereference was discovered in ifilter_bank of
  libfaad/filtbank.c. The vulnerability causes a segmentation fault and
  application crash because adding to windowed output is mishandled in the
  EIGHT_SHORT_SEQUENCE case. (CVE-2018-20362)
* The faad_resetbits function in libfaad/bits.c is affected by a buffer
  overflow vulnerability. The number of bits to be read is determined by
  ld->buffer_size - words*4, cast to uint32. If ld->buffer_size - words*4 is
  negative, a buffer overflow is later performed via
  getdword_n(&ld->start[words], ld->bytes_left). (CVE-2019-15296)
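
The arithmetic described for CVE-2019-15296, as an added example that is not code from faad2 or from this erratum: a simplified model of how a negative remaining-bytes value turns into a huge unsigned length, next to a bounds-checked variant. All function names and the sample buffer are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed 6-byte input buffer (not real AAC data). */
static const uint8_t sample[6] = {1, 2, 3, 4, 5, 6};

/* Unchecked model: the signed difference buffer_size - words*4 is cast to
 * uint32_t, so a negative result wraps to a value close to 2^32. */
uint32_t bytes_left_unchecked(uint32_t buffer_size, uint32_t words)
{
    int64_t diff = (int64_t)buffer_size - (int64_t)words * 4;
    return (uint32_t)diff;
}

/* Checked model: reject any word offset that lies past the end of the
 * buffer before doing the subtraction. Returns 0 on success, -1 on error. */
int bytes_left_checked(uint32_t buffer_size, uint32_t words, uint32_t *out)
{
    if (words > buffer_size / 4)
        return -1;
    *out = buffer_size - words * 4;
    return 0;
}

/* Bounded read of up to 4 bytes starting at word offset `words`.
 * Returns the number of bytes copied, or -1 if the offset is invalid. */
int read_tail(const uint8_t *buf, uint32_t buffer_size, uint32_t words,
              uint8_t dst[4])
{
    uint32_t left;
    if (bytes_left_checked(buffer_size, words, &left) != 0)
        return -1;
    if (left > 4)
        left = 4;
    memcpy(dst, buf + (size_t)words * 4, left);
    return (int)left;
}

int main(void)
{
    uint8_t dst[4] = {0};
    printf("unchecked(16, 5) = %u\n", bytes_left_unchecked(16, 5));
    printf("read_tail(words=1) = %d\n", read_tail(sample, 6, 1, dst));
    printf("read_tail(words=2) = %d\n", read_tail(sample, 6, 2, dst));
    return 0;
}
```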
Additional notes
CVE ID: CVE-2018-19502, CVE-2018-19503, CVE-2018-19504, CVE-2018-20194,
  CVE-2018-20195, CVE-2018-20197, CVE-2018-20198, CVE-2018-20357,
  CVE-2018-20358, CVE-2018-20359, CVE-2018-20361, CVE-2018-20362,
  CVE-2019-15296
UCS Bug number: #50194