If you use PGP, the free PGP replacement, then you need to update your software to v220.127.116.11 due to a huge security hole that allows injection of unsigned data. Tavis Ormandy discovered the problem and reported it to the developers.
In summary, "Signature verification of non-detached signatures may give a positive result but when extracting the signed data, this data may be prepended or appended with extra data not covered by the signature. Thus it is possible for an attacker to take any signed message and inject extra arbitrary data."
Read the technical nitty gritty here, and get the latest version here .