A new erratum update is available for Univention Corporate Server 4.0.
It is applicable to the following patch-levels: 2.
It addresses the following problem:

Program component:  qemu-kvm
Reference:          CVE-2015-4037, CVE-2015-3209, bug 38744
Fixed version:      1.1.2+dfsg-6.47.201506231351

These vulnerabilities have been fixed in qemu-kvm:
* Denial of service due to insecure temporary file use in /net/slirp.c
  (CVE-2015-4037)
* A privileged guest user in a guest with an AMD PCNet ethernet card enabled
  can potentially use this flaw to execute arbitrary code on the host with
  the privileges of the hosting QEMU process (CVE-2015-3209)

We recommend to update your UCS installation. Updated packages are
available in the Univention online repository, which is automatically
added to the apt packages sources. The following procedures can be
used to update a UCS installation:

1. A single system can be updated in the web interface of the
Univention Management Console through the "Software update" module.

2. A single system can be updated on the command line by running the
command "univention-upgrade"

3. Multiple systems can be updated through a maintenance policy.

Additional information can be found in the UCS manual.