Submitted by KeesCook on Mon, 2006-06-26 12:05
Referenced CVEs:
CVE-2006-3082
Description:
===========================================================
Ubuntu Security Notice USN-304-1 June 26, 2006
gnupg vulnerability
CVE-2006-3082
===========================================================
A security issue affects the following Ubuntu releases:

Ubuntu 5.04
Ubuntu 5.10
Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.04:
  gnupg 1.2.5-3ubuntu5.4

Ubuntu 5.10:
  gnupg 1.4.1-1ubuntu1.3

Ubuntu 6.06 LTS:
  gnupg 1.4.2.2-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

Evgeny Legerov discovered that GnuPG did not sufficiently check overly
large user ID packets. Specially crafted user IDs caused a buffer
overflow. By tricking a user or remote automated system into
processing a malicious GnuPG message, an attacker could exploit this to
crash GnuPG or possibly even execute arbitrary code.
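
Added example (not part of this advisory and not GnuPG code): a pre-filter for automated systems that walks the RFC 4880 packet headers of a binary OpenPGP message and reports User ID packets whose length exceeds a cap, so such input can be rejected before it reaches gnupg. The 2048-byte cap, the function names and the sample bytes are assumptions made for this example.

```python
USER_ID_TAG = 13        # RFC 4880 tag for a User ID packet
MAX_USER_ID_LEN = 2048  # assumed policy cap for this example, not from the advisory

def _take(data, pos, n):
    # Bounds-check before slicing: a declared length is never trusted.
    if pos + n > len(data):
        raise ValueError(f"length {n} at offset {pos} overruns input")
    return data[pos:pos + n], pos + n

def _new_length(data, pos):
    """Decode one new-format length header -> (length, next_pos, is_partial)."""
    (o1,), pos = _take(data, pos, 1)  # unpack the single octet as an int
    if o1 < 192:
        return o1, pos, False
    if o1 < 224:
        (o2,), pos = _take(data, pos, 1)
        return ((o1 - 192) << 8) + o2 + 192, pos, False
    if o1 == 255:
        raw, pos = _take(data, pos, 4)
        return int.from_bytes(raw, "big"), pos, False
    return 1 << (o1 & 0x1F), pos, True  # partial body chunk, more follow

def iter_packets(data):
    """Yield (tag, body_length, offset) for each packet in a binary OpenPGP stream."""
    pos = 0
    while pos < len(data):
        start, hdr, pos = pos, data[pos], pos + 1
        if not hdr & 0x80:
            raise ValueError(f"bad packet header at offset {start}")
        if hdr & 0x40:  # new-format header
            tag, length, partial = hdr & 0x3F, 0, True
            while partial:
                n, pos, partial = _new_length(data, pos)
                _, pos = _take(data, pos, n)
                length += n
        elif (hdr & 0x03) == 3:  # old format, indeterminate length: runs to end
            tag, length, pos = (hdr >> 2) & 0x0F, len(data) - pos, len(data)
        else:  # old format with a 1-, 2- or 4-octet length
            raw, pos = _take(data, pos, 1 << (hdr & 0x03))
            tag, length = (hdr >> 2) & 0x0F, int.from_bytes(raw, "big")
            _, pos = _take(data, pos, length)
        yield tag, length, start

def oversized_user_ids(data, limit=MAX_USER_ID_LEN):
    """Return (offset, length) for every User ID packet larger than limit."""
    return [(o, n) for t, n, o in iter_packets(data) if t == USER_ID_TAG and n > limit]

# Constructed sample: a 25-byte User ID, then a 3000-byte User ID (two-octet length).
SAMPLE = b"\xb4\x19" + b"Alice <alice@example.org>" + b"\xcd\xca\xf8" + b"A" * 3000
```

ASCII-armored input has to be dearmored to binary before it is scanned, and this filter does not replace upgrading to the fixed gnupg package.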


