CVE-2008-3526 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3526): Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (panic) or possibly have unspecified other impact via a crafted sca_keylength field associated with the SCTP_AUTH_KEY option.
hardened-kernel unaffected at present time. Removing alias. PS: Anything using >=genpatches-2.6.26-3 is unaffected