"This library has been an accepted part of the Linux OS for years now, and Red Hat in particular which is so often used as a web server OS, and so surprise has been expressed by many (quite rightly) at how it could go undetected so long in an open source OS."

Just a note to prevent anyone drawing the wrong conclusion from this: RH OSes don't usually use gnutls for web server security. We provide the Apache modules for all three major SSL/TLS libraries - mod_security (OpenSSL), mod_gnutls (gnutls) and mod_nss (NSS). mod_security is the one you're most likely to wind up with if you don't make an explicit choice. Your webserver is obviously only vulnerable to this exploit if you're using mod_gnutls (and you haven't installed the update yet).