The Linux kernel handles the basic functions of the operating system.
These new kernel packages contain fixes for the security issues described below:
a flaw in the ISDN CAPI subsystem that allowed a remote user to cause a denial of service or potential privilege escalation. (CVE-2007-1217, Moderate)
a flaw in the Bluetooth subsystem that allowed a local user to trigger an information leak. (CVE-2007-1353, Low)
In addition to the security issues described above, fixes for the following have been included:
a race condition in the e1000 network driver that could cause ESB2 systems to be started without the RX unit being turned on.
a related e1000 bug on ESB2 systems that could cause rlogin to fail.
Red Hat would like to thank Ilja van Sprundel for reporting an issue fixed in this erratum.
Note: The kernel-unsupported package contains various drivers and modules that are unsupported and therefore might contain security problems that have not been addressed.
All Red Hat Enterprise Linux 3 users are advised to upgrade their kernels to the packages associated with their machine architecture and configurations as listed in this erratum.