Ubuntu Security Notice USN-803-1 – It was discovered that the DHCP client as included in dhcp3 did not verify the length of certain option fields when processing a response from an IPv4 dhcp server. If a user running Ubuntu 6.06 LTS or 8.04 LTS connected to a malicious dhcp server, a remote attacker could cause a denial of service or execute arbitrary code as the user invoking the program, typically the ‘dhcp’ user. For users running Ubuntu 8.10 or 9.04, a remote attacker should only be able to cause a denial of service in the DHCP client. In Ubuntu 9.04, attackers would also be isolated by the AppArmor dhclient3 profile.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/79198/USN-803-1.txt
Source: https://packetstormsecurity.com/files/79198/Ubuntu-Security-Notice-803-1.html