The GnuTLS library provides support for cryptographic algorithms and for protocols such as Transport Layer Security (TLS).

A flaw was found in the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols handled session renegotiation. A man-in-the-middle attacker could use this flaw to prefix arbitrary plain text to a client's session (for example, an HTTPS connection to a website). This could force the server to process an attacker's request as if authenticated using the victim's credentials. This update addresses this flaw by implementing the TLS Renegotiation Indication Extension, as defined in RFC 5746. (CVE-2009-3555)

Refer to the following Knowledgebase article for additional details about the CVE-2009-3555 flaw: http://kbase.redhat.com/faq/docs/DOC-20491

A flaw was found in the way GnuTLS extracted serial numbers from X.509 certificates. On 64-bit big endian platforms, this flaw could cause the certificate revocation list (CRL) check to be bypassed; cause various GnuTLS utilities to crash; or, possibly, execute arbitrary code. (CVE-2010-0731)

Users of GnuTLS are advised to upgrade to these updated packages, which contain backported patches to correct these issues. For the update to take effect, all applications linked to the GnuTLS library must be restarted, or the system rebooted.
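
The restart requirement can be checked mechanically. The shell function below is an added example, not part of the original advisory or of any vendor tooling: it lists PIDs that still map an unlinked (pre-update) copy of libgnutls. The proc-root argument, the helper `make_sample_proc` and its maps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): find processes that must be
# restarted because they still map the replaced libgnutls shared object.

# Print PIDs whose memory map holds a deleted libgnutls mapping.
# $1 is the proc root (an assumption added for testing); defaults to /proc.
stale_gnutls_pids() {
    proc_root="${1:-/proc}"
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # After a package upgrade the old library file is unlinked but stays
        # mapped; the kernel marks such mappings with a trailing " (deleted)".
        # The pattern also covers libgnutls-extra and libgnutls-openssl.
        if grep -Eq '/libgnutls[^/ ]*\.so[^/ ]* \(deleted\)$' "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            printf '%s\n' "${pid##*/}"
        fi
    done | sort -n
}

# Build a constructed /proc-like tree so the check can be exercised offline.
# All PIDs, addresses and paths below are sample values, not real data.
make_sample_proc() {
    root=$(mktemp -d) || return 1
    mkdir "$root/101" "$root/202" "$root/303" "$root/404"
    # 101: still running against the old, unlinked libgnutls
    echo '7f0000000000-7f00000a3000 r-xp 00000000 08:01 11 /usr/lib64/libgnutls.so.13.9.1 (deleted)' > "$root/101/maps"
    # 202: already restarted, maps the library currently on disk
    echo '7f0000000000-7f00000a3000 r-xp 00000000 08:01 12 /usr/lib64/libgnutls.so.13.9.1' > "$root/202/maps"
    # 303: old copy of the companion library libgnutls-extra
    echo '7f0000000000-7f0000010000 r-xp 00000000 08:01 13 /usr/lib64/libgnutls-extra.so.13.9.1 (deleted)' > "$root/303/maps"
    # 404: a deleted mapping of an unrelated library, must not be reported
    echo '7f0000000000-7f0000050000 r-xp 00000000 08:01 14 /usr/lib64/libssl.so.6 (deleted)' > "$root/404/maps"
    printf '%s\n' "$root"
}

# Demo on the constructed tree: prints 101 and 303, one per line.
demo_root=$(make_sample_proc)
stale_gnutls_pids "$demo_root"
rm -rf "$demo_root"
```

On a live system, call `stale_gnutls_pids` with no argument as root (other users' maps files are not readable otherwise); an empty result means no running process still uses the old library.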