(RHSA-2007:0347) Important: kernel security and bug fix update

The Linux kernel handles the basic functions of the operating system.

These new kernel packages contain fixes for the following security issues:

• a flaw in the handling of IPv6 type 0 routing headers that allowed remote
  users to cause a denial of service that led to a network amplification
  between two routers (CVE-2007-2242, Important).

• a flaw in the nfnetlink_log netfilter module that allowed a local user to
  cause a denial of service (CVE-2007-1496, Important).

• a flaw in the flow list of listening IPv6 sockets that allowed a local
  user to cause a denial of service (CVE-2007-1592, Important).

• a flaw in the handling of netlink messages that allowed a local user to
  cause a denial of service (infinite recursion) (CVE-2007-1861, Important).

• a flaw in the IPv4 forwarding base that allowed a local user to cause an
  out-of-bounds access (CVE-2007-2172, Important).

• a flaw in the nf_conntrack netfilter module for IPv6 that allowed remote
  users to bypass certain netfilter rules using IPv6 fragments
  (CVE-2007-1497, Moderate).

In addition to the security issues described above, fixes for the following
have been included:

• a regression in ipv6 routing.

• an error in memory initialization that caused gdb to output inaccurate
  backtraces on ia64.

• the nmi watchdog timeout was updated from 5 to 30 seconds.

• a flaw in distributed lock management that could result in errors during
  virtual machine migration.

• an omitted include in kernel-headers that led to compile failures for
  some packages.

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages,
which contain backported patches to correct these issues.