Mandriva Linux Security Advisory 2009-259 – preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not properly identify packet fragments that have dissimilar TTL values, which allows remote attackers to bypass detection rules by using a different TTL for each fragment. The updated packages have been patched to prevent this. Additionally there were problems with two rules in the snort-rules package for 2008.0 that is also fixed with this update. Packages for 2008.0 are being provided due to extended support for Corporate products.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/83755/MDVSA-2009-259-1.txt
Source: https://packetstormsecurity.com/files/83755/Mandriva-Linux-Security-Advisory-2009-259.html