GnuTLS X.509 Certificate Serial Number Decoding Remote Security Vulnerability

http://www.securityfocus.com/bid/38959/info

"An attacker can exploit this issue to potentially execute arbitrary
code, trigger denial-of-service conditions, or bypass certificate
revocation list (CRL) checks, causing clients to accept expired or
invalid certificates from servers."

This affects GNU GnuTLS 1.2, specifically with RHEL4.

http://rhn.redhat.com/errata/RHSA-2010-0167.html
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0731

GnuTLS 1.2.1 fixes this vulnerability. It should also be noted that
32-bit systems are not affected by this issue.

Updates are available for RHEL4. Please update at your earliest
convenience.

Thanks,
Brian