Summary
The remote host is missing an update to dhcp3 announced via advisory USN-803-1.
Solution
The problem can be corrected by upgrading your system to the following package versions:
Ubuntu 6.06 LTS:
dhcp3-client 3.0.3-6ubuntu7.1
dhcp3-client-udeb 3.0.3-6ubuntu7.1
Ubuntu 8.04 LTS:
dhcp3-client 3.0.6.dfsg-1ubuntu9.1
dhcp3-client-udeb 3.0.6.dfsg-1ubuntu9.1
Ubuntu 8.10:
dhcp3-client 3.1.1-1ubuntu2.1
dhcp3-client-udeb 3.1.1-1ubuntu2.1
Ubuntu 9.04:
dhcp3-client 3.1.1-5ubuntu8.1
dhcp3-client-udeb 3.1.1-5ubuntu8.1
After a standard system upgrade you need to restart any DHCP network connections utilizing dhclient3 to effect the necessary changes.
https://secure1.securityspace.com/smysecure/catid.html?in=USN-803-1
Insight
It was discovered that the DHCP client included in dhcp3 did not verify the length of certain option fields when processing a response from an IPv4 DHCP server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a malicious DHCP server, a remote attacker could cause a denial of service or execute arbitrary code as the user invoking the program, typically the 'dhcp' user. For users running Ubuntu 8.10 or 9.04, a remote attacker should only be able to cause a denial of service in the DHCP client. In Ubuntu 9.04, attackers would also be isolated by the AppArmor dhclient3 profile.
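The length check this class of bug lacks, as an added example that is not code from dhcp3 or from the advisory. It assumes the subnet mask option (code 1, four bytes per RFC 2132) as a representative fixed-size field, since the advisory does not name the affected options; `get_subnet_mask` and the sample byte arrays are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define OPT_PAD          0
#define OPT_SUBNET_MASK  1    /* value is exactly 4 bytes (RFC 2132) */
#define OPT_END          255

/* Hypothetical helper, not from dhcp3: walk a DHCPv4 options area
 * (code, length, value triples) and copy the subnet mask into mask[4].
 * Returns 0 on success, -1 if the option is absent, -2 if malformed. */
int get_subnet_mask(const uint8_t *opts, size_t opts_len, uint8_t mask[4])
{
    size_t i = 0;
    while (i < opts_len) {
        uint8_t code = opts[i++];
        if (code == OPT_PAD) continue;        /* pad has no length byte */
        if (code == OPT_END) break;
        if (i >= opts_len) return -2;         /* length byte missing */
        uint8_t len = opts[i++];
        if (len > opts_len - i) return -2;    /* value runs past the packet */
        if (code == OPT_SUBNET_MASK) {
            /* Unsafe pattern: memcpy(mask, &opts[i], len) trusts the sender. */
            if (len != 4) return -2;          /* enforce the fixed size */
            memcpy(mask, &opts[i], 4);
            return 0;
        }
        i += len;                             /* skip options we do not use */
    }
    return -1;
}

/* Constructed sample option areas, not captured traffic. */
static const uint8_t good[]      = {53, 1, 5, 1, 4, 255, 255, 255, 0, 255};
static const uint8_t oversized[] = {1, 8, 255, 255, 255, 0, 0, 0, 0, 0, 255};
static const uint8_t truncated[] = {1, 4, 255, 255};
static const uint8_t absent[]    = {53, 1, 5, 255};
static uint8_t mask_out[4];

int main(void)
{
    printf("good=%d oversized=%d truncated=%d absent=%d\n",
           get_subnet_mask(good, sizeof good, mask_out),
           get_subnet_mask(oversized, sizeof oversized, mask_out),
           get_subnet_mask(truncated, sizeof truncated, mask_out),
           get_subnet_mask(absent, sizeof absent, mask_out));
    return 0;
}
```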
Severity
Classification
CVE: CVE-2009-0692
CVSS Base Score: 10.0
CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C