Similar to a buffer overflow exploit, the new type of vulnerability uses formatting commands to run malicious code. Apparently, some of the code has been vulnerable to these exploits for years, and the bugs are just now getting found and fixed. One such bug has been found in a core package that is relied upon for basic display services by "countless" programs.
That particular bug affects "all Linux and Unix operating systems except OpenBSD and FreeBSD" according to the president of a security company who was interviewed for the article. According to the article, Red Hat has already posted a fix for this bug; browsing the Red Hat site, I came upon this page, dated September 1, that appears to deal with the exploit in question. The article doesn't mention the status of bug fixes for any other Unix variant.
While it's good that this bug is quickly being stamped out, it looks to be a long road ahead; analysts seem to think there are quite a few more format string exploits lurking in the source code. Greeeeeat.
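The bug class described above comes down to passing untrusted text as a printf-style format string. As an added example (not taken from the article or from any affected package), the C below puts the vulnerable call pattern beside the fixed one and adds a hypothetical helper, `count_directives`, that spots conversion directives in input; all function names and sample strings are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical helper: count printf conversion directives in s ("%%" is a
 * literal percent, not counted). *has_n is set if a memory-writing %n occurs. */
int count_directives(const char *s, int *has_n)
{
    int count = 0;
    *has_n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (*++s == '%')
            continue;                 /* escaped percent */
        s += strspn(s, "-+ #0123456789.*$hlLqjzt'"); /* flags/width/length */
        if (*s == '\0')
            break;                    /* dangling '%' at end of input */
        if (*s == 'n')
            *has_n = 1;
        count++;
    }
    return count;
}

#pragma GCC diagnostic ignored "-Wformat-security"
/* VULNERABLE pattern: untrusted text is used as the format string itself. */
int render_unsafe(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, untrusted);
}

/* FIXED pattern: constant format; untrusted text is only ever an argument. */
int render_safe(char *out, size_t n, const char *untrusted)
{
    return snprintf(out, n, "%s", untrusted);
}

int main(void)
{
    /* Constructed samples. Only the "%%" sample goes through render_unsafe:
     * it consumes no arguments, so interpreting it is well defined. */
    const char *benign = "load 100%%", *hostile = "%x.%x.%08x%n";
    char a[32], b[32];
    int has_n, found = count_directives(hostile, &has_n);
    render_unsafe(a, sizeof a, benign);
    render_safe(b, sizeof b, benign);
    printf("unsafe: [%s]\nsafe:   [%s]\n", a, b);
    printf("directives in hostile sample: %d, %%n present: %d\n", found, has_n);
    return 0;
}
```

GCC and Clang report the vulnerable pattern under `-Wformat-security`; the pragma silences that warning here only so the side-by-side comparison builds cleanly.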