GNOME Evolution Vulnerability

US-CERT is aware of a vulnerability in GNOME Evolution. This vulnerability, which is caused by a format string error in the "emf_multipart_encrypted()" function in mail/em-format.c, occurs when displaying data from an encrypted email message. By convincing a user to select a specially crafted email message, a remote, authenticated attacker may be able to execute arbitrary code.

US-CERT encourages users and administrators to apply updates as soon as possible. Administrators who compile Evolution from source should refer to GNOME Bug ID 520745; others should refer to their operating system vendor for updated software.

US-CERT will provide more information as it becomes available.