As reported in the press, the so-called “Heartbleed bug” of the security software OpenSSL enabled the reading of encrypted information. OpenSSL generally allows to implement network protocols and encryptions. It is also used to order, produce and manage certificates. Due to this bug, the data of affected systems, e.g. private keys of X.509 certificates, user names and passwords could be copied unauthorized.
The OpenSSL versions used in Univention Corporater Server (UCS) are not affected by this security gap, which has appeared only from the OpenSSL version 1.0.1 of 14th March 2012. All UCS 3 versions use older OpenSSL versions, which do not contain the code partition in question.