Errata ID | 321 |
---|---|
Date | 2019-10-23 |
Source package | openjdk-8 |
Fixed in version | 8u232-b09-1~deb9u1 |
Description | This update addresses the following issues:<br>* Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java. This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. (CVE-2019-2894)<br>* Missing restrictions on use of custom SocketImpl (CVE-2019-2945)<br>* Improper handling of Kerberos proxy credentials (CVE-2019-2949)<br>* NULL pointer dereference in DrawGlyphList (CVE-2019-2962)<br>* Unexpected exception thrown by Pattern processing crafted regular expression (CVE-2019-2964)<br>* Unexpected exception thrown by XPathParser processing crafted XPath expression (CVE-2019-2973)<br>* Unexpected exception thrown during regular expression processing in Nashorn (CVE-2019-2975)<br>* Incorrect handling of nested jar: URLs in Jar URL handler (CVE-2019-2978)<br>* Unexpected exception thrown by XPath processing crafted XPath expression (CVE-2019-2981)<br>* Unexpected exception thrown during Font object deserialization (CVE-2019-2983)<br>* Missing glyph bitmap image dimension check in FreetypeFontScaler (CVE-2019-2987)<br>* Integer overflow in bounds check in SunGraphics2D (CVE-2019-2988)<br>* Incorrect handling of HTTP proxy responses in HttpURLConnection (CVE-2019-2989)<br>* Excessive memory allocation in CMap when reading TrueType font (CVE-2019-2992)<br>* Insufficient filtering of HTML event attributes in Javadoc (CVE-2019-2999) |
Additional notes | |
CVE ID | CVE-2019-2894 CVE-2019-2945 CVE-2019-2949 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2987 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2999 |
UCS Bug number | #50398 |