Quoting upstream security advisory:
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515

Miroslav Kratochvil reported that he was able to crash libgnutls when experimenting with (corrupt) DSA keys. The client crashes when verifying invalid DSA signatures provided by the remote server when using a DSA ciphersuite. The code that crashes is also used for verifying DSA signatures in X.509 Certificates, and for verifying RSA/DSA signatures in OpenPGP keys.

Only GnuTLS 2.6.x is affected. GnuTLS 2.4.x and earlier did not contain the buggy code.

Fixed upstream in 2.6.6:
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3514
This issue did not affect versions of gnutls shipped in Red Hat Enterprise Linux 4 and 5, and Fedora up to version 10, as they are based on upstream versions prior to 2.6. gnutls 2.6.x is currently in F11/Rawhide; mingw32-gnutls, based on upstream 2.6.x version, is in F10 too.
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-1415 to the following vulnerability:

Name: CVE-2009-1415
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1415
Assigned: 20090424
Reference: MLIST:[gnutls-devel] 20090423 Re: some crashes on using DSA keys
Reference: URL: http://permalink.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3502
Reference: MLIST:[gnutls-devel] 20090430 Double free and free of invalid pointer on certain errors [GNUTLS-SA-2009-1] [CVE-2009-1415]
Reference: URL: http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515
Reference: CONFIRM: http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3488
Reference: SECUNIA:34842
Reference: URL: http://secunia.com/advisories/34842

lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key that triggers a (1) free of an uninitialized pointer or (2) double free.
Fedora 11 contains gnutls-2.6.6-1.fc11 so there is nothing actually vulnerable to this issue.