RedHat Security Advisory RHSA-2009:1232

The remote host is missing updates announced in advisory RHSA-2009:1232. The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS). A flaw was discovered in the way GnuTLS handles NULL characters in certain fields of X.509 certificates. If an attacker is able to get a carefully-crafted certificate signed by a Certificate Authority trusted by an application using GnuTLS, the attacker could use the certificate during a man-in-the-middle attack and potentially confuse the application into accepting it by mistake. (CVE-2009-2730) Users of GnuTLS are advised to upgrade to these updated packages, which contain a backported patch that corrects this issue.
Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date