kernel security update

CentOS Errata and Security Advisory CESA-2007:0376

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues:

• a flaw in the mount handling routine for 64-bit systems that allowed a
  local user to cause denial of service (CVE-2006-7203, Important).

• a flaw in the PPP over Ethernet implementation that allowed a remote user
  to cause a denial of service (CVE-2007-2525, Important).

• a flaw in the Bluetooth subsystem that allowed a local user to trigger an
  information leak (CVE-2007-1353, Low).

• a bug in the random number generator that prevented the manual seeding of
  the entropy pool (CVE-2007-2453, Low).

In addition to the security issues described above, fixes for the following
have been included:

• a race condition between ext3_link/unlink that could create an orphan
  inode list corruption.

• a bug in the e1000 driver that could lead to a watchdog timeout panic.

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages,
which contain backported patches to correct these issues.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2007-June/076101.html
https://lists.centos.org/pipermail/centos-announce/2007-June/076102.html

Affected packages:
kernel
kernel-PAE
kernel-PAE-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2007:0376