OVAL

RHSA-2009:0001-01 -- Redhat kernel

ID: oval:org.secpod.oval:def:500526
Date: (C)2012-01-31   (M)2024-02-19
Class: PATCH
Family: unix




The kernel packages contain the Linux kernel, the core of any Linux operating system. These updated packages fix the following security issues:

* a flaw was found in the IPv4 forwarding base. This could allow a local, unprivileged user to cause a denial of service.
* a flaw was found in the handling of process death signals. This allowed a local, unprivileged user to send arbitrary signals to the suid-process executed by that user. Successful exploitation of this flaw depends on the structure of the suid-program and its signal handling.
* when accessing kernel memory locations, certain Linux kernel drivers registering a fault handler did not perform required range checks. A local, unprivileged user could use this flaw to gain read or write access to arbitrary kernel memory, or possibly cause a denial of service.
* a possible kernel memory leak was found in the Linux kernel Simple Internet Transition INET6 implementation. This could allow a local, unprivileged user to cause a denial of service.
* missing capability checks were found in the SBNI WAN driver which could allow a local, unprivileged user to bypass intended capability restrictions.
* a flaw was found in the way files were written using truncate or ftruncate. This could allow a local, unprivileged user to acquire the privileges of a different group and obtain access to sensitive information.
* a race condition in the mincore system core allowed a local, unprivileged user to cause a denial of service.
* a flaw was found in the aacraid SCSI driver. This allowed a local, unprivileged user to make ioctl calls to the driver which should otherwise be restricted to privileged users.
* two buffer overflow flaws were found in the Integrated Services Digital Network subsystem. A local, unprivileged user could use these flaws to cause a denial of service.
* a flaw was found in the way core dump files were created. If a local, unprivileged user could make a root-owned process dump a core file into a user-writable directory, the user could gain read access to that core file, potentially compromising sensitive information.
* a deficiency was found in the Linux kernel virtual file system implementation. This could allow a local, unprivileged user to attempt file creation within deleted directories, possibly causing a denial of service.

All users of Red Hat Enterprise Linux 2.1 on 32-bit architectures should upgrade to these updated packages which address these vulnerabilities. For this update to take effect, the system must be rebooted.

Platform:
Red Hat Enterprise Linux 2.1
Product:
kernel
Reference:
RHSA-2009:0001-01
CVE-2006-4814
CVE-2007-2172
CVE-2007-3848
CVE-2007-4308
CVE-2007-6063
CVE-2007-6151
CVE-2007-6206
CVE-2008-0007
CVE-2008-2136
CVE-2008-3275
CVE-2008-3525
CVE-2008-4210
CPE    1
cpe:/o:redhat:enterprise_linux:2.1

© SecPod Technologies