kernel is vulnerable to denial of service. The possibility of a kernel crash was found in the Linux kernel IPsec protocol implementation, due to improper handling of fragmented ESP packets. When an attacker controlling an intermediate router fragmented these packets into very small pieces, it would cause a kernel crash on the receiving node during packet reassembly.
lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html
lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html
marc.info/?l=linux-netdev&m=120372380411259&w=2
secunia.com/advisories/30112
secunia.com/advisories/30294
secunia.com/advisories/30818
secunia.com/advisories/30890
secunia.com/advisories/30962
secunia.com/advisories/31107
secunia.com/advisories/31551
secunia.com/advisories/31628
www.debian.org/security/2008/dsa-1630
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2008-0237.html
www.redhat.com/support/errata/RHSA-2008-0275.html
www.redhat.com/support/errata/RHSA-2008-0585.html
www.securityfocus.com/bid/29081
www.ubuntu.com/usn/usn-625-1
access.redhat.com/errata/RHSA-2008:0275
bugzilla.redhat.com/show_bug.cgi?id=404291
exchange.xforce.ibmcloud.com/vulnerabilities/42276
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10549