The OpenBSD implementation of IPv6 has a security vulnerability that requires an upgrade to prevent a remote attacker from causing a denial of service.
IPv6 is the successor to IPv4 and is already being implemented by some enterprises, either alone or in parallel with IPv4. While one of the main attractions of IPv6 is its vastly larger address space, administrators are also anticipating security improvements, especially with authentication.
However, independent security researcher Georgi Guninski has identified an error in the handling of IPv6 traffic when the host is configured to receive ICMPv6 (Internet Control Message Protocol) and is listening on a TCP port. A remote attacker can take advantage of this by setting a small IPv6 MTU (Maximum Transmission Unit) and then connecting to an open TCP port. This will crash the target system, causing a denial of service
The problem occurs on OpenBSD 3.4. PivX Solutions recommends OpenBSD administrators acquire the revised code from CVS and recompile their kernels.
For more information on this vulnerability, visit Secunia's advisory here.