Before making my move over to the CrackBook MacBook, I was an Evolution user on SuSE. I have to admit that at the time I quite enjoyed using this email client. It appears that there is a moderately critical vulnerability in the client that can be exploited by ne’er-do-wells.

From Secunia:

Description:
Secunia Research has discovered a vulnerability in Evolution, which potentially can be exploited by malicious people to compromise a vulnerable system.

A format string error in the “write_html()” function in calendar/gui/e-cal-component-memo-preview.c when displaying a memo’s categories can potentially be exploited to execute arbitrary code via a specially crafted shared memo containing format specifiers.

Successful exploitation requires that the user opens a shared memo in their mailbox, clicks on “Accept”, and views the memo under the “Memo” tab.

NOTE: The categories are not displayed in the mailbox view of a shared memo.

The vulnerability is confirmed in version 2.8.2.1. Other versions may also be affected.

Solution:
Do not open untrusted shared memos.

Various Linux vendors will issue patched versions soon.
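To make the bug class in the advisory concrete, here is an added illustration that is not taken from the Evolution source or from Secunia: it shows the general pattern of untrusted text used as a printf-style format string next to the corrected call. The names `html_buf`, `buf_printf`, `write_categories_vulnerable` and `write_categories_fixed` are hypothetical, and the sample inputs are constructed.

```c
/* Added illustration; hypothetical names, not Evolution's code. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

struct html_buf { char data[256]; size_t len; };

/* printf-style writer. The format attribute lets GCC/Clang check call sites:
   -Wformat -Wformat-security flags a non-literal format with no arguments. */
__attribute__((format(printf, 2, 3)))
static int buf_printf(struct html_buf *b, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(b->data + b->len, sizeof b->data - b->len, fmt, ap);
    va_end(ap);
    if (n < 0) return -1;
    size_t room = sizeof b->data - b->len - 1;   /* space left before the NUL */
    b->len += (size_t)n > room ? room : (size_t)n;
    return n;
}

#ifdef SHOW_VULNERABLE_PATTERN
/* BUG: memo-supplied text is the format string, so any % directives in it
   are interpreted by vsnprintf. Not compiled unless the macro is defined. */
static int write_categories_vulnerable(struct html_buf *b, const char *categories)
{
    return buf_printf(b, categories);
}
#endif

/* FIX: constant format; the untrusted text is only ever an argument. */
static int write_categories_fixed(struct html_buf *b, const char *categories)
{
    return buf_printf(b, "%s", categories);
}

/* Returns 1 if the fixed writer emitted the input byte for byte. */
static int renders_literally(const char *categories)
{
    struct html_buf b = { .len = 0 };
    return write_categories_fixed(&b, categories) == (int)strlen(categories)
        && strcmp(b.data, categories) == 0;
}

int main(void)
{
    /* Constructed sample inputs: a normal category list and one with % directives. */
    printf("%d %d\n", renders_literally("Work, Personal"),
                      renders_literally("100%s %x %n"));
    return 0;
}
```

Building with `-Wformat -Wformat-security` (or `-Werror=format-security`) makes the compiler reject the vulnerable call shape at review time, which is a practical check for this class of bug in any printf-style wrapper.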
