From the Red Hat bug at https://bugzilla.redhat.com/show_bug.cgi?id=724005:
It was found that libgssapi and libgssglue GSSAPI interface exporting libraries
did not properly sanitize the content of a user-provided configuration file,
determining which GSS mechanisms and their definitions will be loaded during
library initialization. A local attacker, allowed to mount a network file
system (NFS) share, could use this flaw to execute arbitrary code with the
privileges of the privileged system user (root).
There appears to be a patch at: http://article.gmane.org/gmane.comp.security.oss.general/5712
...this is fixed with version 0.4 which is now in Portage
Arches, please test and stabilize it (beware, this was a non-maintainer commit):
Stable for HPPA.
GLSA draft ready for review.
This issue was resolved and addressed in
GLSA 201209-22 at http://security.gentoo.org/glsa/glsa-201209-22.xml
by GLSA coordinator Sean Amoss (ackle).