CVE-2008-4576 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4576): sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause a denial of service (OOPS) via an INIT-ACK that states the peer does not support AUTH, which causes the sctp_process_init function to clean up active transports and triggers the OOPS when the T1-Init timer expires.
Removing hardened; it's already incorporated in hardened-sources-2.6.25-r8, which is keyworded stable for all arches that the herd is able to test for (x86/amd64/ppc).