14 DAY TRIAL // Canonical has released some details about a libgadu vulnerability in its Ubuntu 13.10 and Ubuntu 12.04 LTS operating systems.
Canonical developers have closed another vulnerability for a couple of their supported operating systems, but it seems that Ubuntu 14.04 LTS was not affected by this issue.
According to the security notice, “It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or possibly execute arbitrary code.”
For a more detailed description of the problems, you can see Canonical's security notification. It's safe to say that, if you have any of the above systems, you should consider updating as soon as possible.
The flaws can be fixed if you upgrade your system(s) to the latest libgadu3 packages specific to each distribution. To apply the patch, run the Update Manager application.
If you don't want to use the Software Updater, you can do this from a terminal. Open a terminal and enter the following commands:
sudo apt-get update sudo apt-get dist-upgrade
In general, a standard system update will make all the necessary changes. You will also have to log out and log back in for the changes to take effect.