gnutls security update

CentOS Errata and Security Advisory CESA-2008:0492

The GnuTLS Library provides support for cryptographic algorithms and
protocols such as TLS. GnuTLS includes libtasn1, a library developed for
ASN.1 structures management that includes DER encoding and decoding.

Flaws were found in the way GnuTLS handles malicious client connections. A
malicious remote client could send a specially crafted request to a service
using GnuTLS that could cause the service to crash. (CVE-2008-1948,
CVE-2008-1949, CVE-2008-1950)

We believe it is possible to leverage the flaw CVE-2008-1948 to execute
arbitrary code but have been unable to prove this at the time of releasing
this advisory. Red Hat Enterprise Linux 4 does not ship with any
applications directly affected by this flaw. Third-party software which
runs on Red Hat Enterprise Linux 4 could, however, be affected by this
vulnerability. Consequently, we have assigned it important severity.

Users of GnuTLS are advised to upgrade to these updated packages, which
contain a backported patch that corrects these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-May/077089.html
https://lists.centos.org/pipermail/centos-announce/2008-May/077090.html
https://lists.centos.org/pipermail/centos-announce/2008-May/077097.html
https://lists.centos.org/pipermail/centos-announce/2008-May/077099.html

Affected packages:
gnutls
gnutls-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2008:0492