sctp in Linux kernel before 126.96.36.199 allows remote attackers to
cause a denial of service (OOPS) via an INIT-ACK that states the peer
does not support AUTH, which causes the sctp_process_init function to
clean up active transports and triggers the OOPS when the T1-Init
Removing hardened; it's already incorporated in hardened-sources-2.6.25-r8, which is keyworded stable for all arches that the herd is able to test for (x86/amd64/ppc).