About Ubuntu

=========================================================== Ubuntu Security Notice USN-332-1 August 03, 2006 gnupg vulnerability CVE-2006-3746 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 5.04 Ubuntu 5.10 Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.04: gnupg 1.2.5-3ubuntu5.5 Ubuntu 5.10: gnupg 1.4.1-1ubuntu1.4 Ubuntu 6.06 LTS: gnupg 1.4.2.2-1ubuntu2.2 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Evgeny Legerov discovered that gnupg did not sufficiently check the validity of the comment and a control field. Specially crafted GPG data could cause a buffer overflow. This could be exploited to execute arbitrary code with the user's privileges if an attacker can trick an user into processing a malicious encrypted/signed document with gnupg.