Referenced CVEs:
CVE-2008-4776
Description:
===========================================================Ubuntu Security Notice USN-692-1 December 17, 2008ekg, libgadu vulnerabilityCVE-2008-4776===========================================================A security issue affects the following Ubuntu releases:Ubuntu 6.06 LTSUbuntu 7.10Ubuntu 8.04 LTSUbuntu 8.10This advisory also applies to the corresponding versions ofKubuntu, Edubuntu, and Xubuntu.The problem can be corrected by upgrading your system to thefollowing package versions:Ubuntu 6.06 LTS: libgadu3 1:1.6+20051103-1ubuntu1.1Ubuntu 7.10: libgadu3 1:1.7~rc2-2ubuntu0.7.10.1Ubuntu 8.04 LTS: libgadu3 1:1.7~rc2-2ubuntu0.8.04.1Ubuntu 8.10: libgadu3 1:1.8.0+r592-1ubuntu0.1After a standard system upgrade you need to restart your session to effectthe necessary changes.Details follow:It was discovered that the Gadu library, used by some Instant Messagingclients, did not correctly verify certain packet sizes from the server.If a user connected to a malicious server, clients using Gadu could bemade to crash, leading to a denial of service.