Candidate: CVE-2010-3432
Description:
 sctp_packet_config() is called when getting the packet ready for appending of
 chunks.  The function should not touch the current state, since it's possible
 to ping-pong between two transports when sending, and that can result packet
 corruption followed by skb overlfow crash.
References:
Notes:
Bugs:
upstream: released (2.6.36-rc5) [4bdab43323b459900578b200a4b8cf9713ac8fab]
2.6.32-upstream-stable: released (2.6.32.23)
linux-2.6: released (2.6.32-24)
2.6.26-lenny-security: released (2.6.26-26lenny1) [bugfix/all/sctp-do-not-reset-the-packet-during-sctp_packet_config.patch]
2.6.32-squeeze-security: released (2.6.32-24)