Gnome Evolution远程格式串处理漏洞

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接： Gentoo已经为此发布了一个安全公告(GLSA-200706-02)以及相应补丁:

GLSA-200706-02：Evolution: User-assisted execution of arbitrary code

链接： http://security.gentoo.org/glsa/glsa-200706-02.xml 所有Evolution用户都应升级到最新版本：

# emerge --sync

# emerge --ask --oneshot --verbose ">=3Dmail-client/evolution-2.8.3-r2"

来源: XF 名称: evolution-writehtml-format-string(33106) 链接:http://xforce.iss.net/xforce/xfdb/33106 来源: BUGTRAQ 名称: 20070405 FLEA-2007-0010-1: evolution 链接:http://www.securityfocus.com/archive/1/archive/1/464820/30/7170/threaded 来源: MISC 链接:http://secunia.com/secunia_research/2007-44/advisory/ 来源: SECUNIA 名称: 24234 链接:http://secunia.com/advisories/24234 来源: REDHAT 名称: RHSA-2007:0158 链接:https://rhn.redhat.com/errata/RHSA-2007-0158.html 来源: UBUNTU 名称: USN-442-1 链接:http://www.ubuntu.com/usn/usn-442-1 来源: SECTRACK 名称: 1017808 链接:http://www.securitytracker.com/id?1017808 来源: BID 名称: 23073 链接:http://www.securityfocus.com/bid/23073 来源: BUGTRAQ 名称: 20070321 Secunia Research: Evolution Shared Memo Categories Format StringVulnerability 链接:http://www.securityfocus.com/archive/1/archive/1/463406/100/0/threaded 来源: SUSE 名称: SUSE-SR:2007:015 链接:http://www.novell.com/linux/security/advisories/2007_15_sr.html 来源: MANDRIVA 名称: MDKSA-2007:070 链接:http://www.mandriva.com/security/advisories?name=MDKSA-2007:070 来源: VUPEN 名称: ADV-2007-1058 链接:http://www.frsirt.com/english/advisories/2007/1058 来源: DEBIAN 名称: DSA-1325 链接:http://www.debian.org/security/2007/dsa-1325 来源: GENTOO 名称: GLSA-200706-02 链接:http://security.gentoo.org/glsa/glsa-200706-02.xml 来源: SECUNIA 名称: 25880 链接:http://secunia.com/advisories/25880 来源: SECUNIA 名称: 25551 链接:http://secunia.com/advisories/25551 来源: SECUNIA 名称: 25102 链接:http://secunia.com/advisories/25102 来源: SECUNIA 名称: 24668 链接:http://secunia.com/advisories/24668 来源: SECUNIA 名称: 24651 链接:http://secunia.com/advisories/24651