Embargoed until Jun29 1600 MEST isec.pl reported on May24 file offset pointer vulnerabilities allowing read of kernel memory. They noted "dozens of places" with vulnerable code and gave poc based on MTRR race.
Due to the complexity of the issue and fixes the embargo has been moved, currently set at Aug 3rd at 1700 UTC
Removing embargo; errata in progress
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2004-418.html