
Due to the failure to correctly validate LCP configuration option lengths, it is possible for an attacker to send LCP packets via an sppp(4) connection causing the kernel to panic. CVE-2006-4304
As always, I've created a binpatch for the GENERIC kernel as well as GENERIC.MP, GENERIC + RAID and GENERIC.MP + RAID.