Candidate: CVE-2006-4572
References:
 URL:http://readlist.com/lists/vger.kernel.org/linux-kernel/55/275979.html
 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6d381634d213580d40d431e7664dfb45f641b884
 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=51d8b1a65291a6956b79374b6adbbadc2263bcf6
Description:
 Multiple unspecified vulnerabilities in netfilter for IPv6 code in Linux kernel before 2.6.16.31 allow remote attackers to bypass intended restrictions via unknown vectors, aka (1) "ip6_tables protocol bypass bug" and (2) "ip6_tables extension header bypass bug".
Ubuntu-Description:
 Mark Dowd discovered that the netfilter iptables module did not correctly handle fragmented packets. By sending specially crafted packets, a remote attacker could exploit this to bypass firewall rules.
Notes:
 dannf> port to 2.4.27/2.6.8 is non-trivial, ignoring for now
Bugs:
upstream: released (2.6.19)
linux-2.6: released (2.6.18.dfsg.1-9)
2.6.18-etch-security: released (2.6.18.dfsg.1-9)
2.6.8-sarge-security: ignored (2.6.8-16sarge7)
2.4.27-sarge-security: ignored (2.4.27-10sarge6)
2.6.15-dapper-security: released (2.6.15-28.51)
2.6.17-edgy-security: released (2.6.17.1-10.34)