GnuTLS is an implementation of Secure Sockets Layer (SSL) 3.0 and Transport Layer Security (TLS) 1.0, 1.1 and 1.2.
Ossi Herrala and Jukka Taimisto of Codenomicon reported three vulnerabilities in libgnutls of GnuTLS:
Unauthenticated remote attackers could exploit these vulnerabilities to cause Denial of Service conditions in daemons using GnuTLS. The first vulnerability (CVE-2008-1948) might allow for the execution of arbitrary code with the privileges of the daemon handling incoming TLS connections.
There is no known workaround at this time.
All GnuTLS users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/gnutls-2.2.5"