Herbert Xu discovered that a number of netlink applications do not check the source address of incoming packets, assuming they are coming from the kernel. As any local user can send unicast netlink messages to any process on the system, this can lead to a local denial of service attack, or other local attacks.

iptables in RHEL3 and RHEL2.1 is affected:

ipq_read - used for userspace to deal with packets from netfilter
ipulog_read - used for userspace logging of packets

Currently embargoed.
We don't ship iptables-devel and nothing shipped with iptables uses the vulnerable routines. Therefore no errata required.