Basically, the OpenBSD team insisted that the worst that could happen was that the system would crash. The Core team insisted that they shouldn't make that assumption, then took up the challenge and worked up a proof-of-concept exploit.
Here's the summary: a malformed IPv6 packet can be sent to an OpenBSD system causing arbitrary code to run on that system.
The fix: disallow IPv6 traffic using a firewall in front of the OpenBSD system or the firewall rules on the system itself. And better than either of those solutions is to update your kernel, which requires applying a patch.
In my opinion, IPv6 implementations on all operating systems have not undergone the kind of testing as IPv4 implementations and are therefore a security risk. If you don't specifically use IPv6, you should seriously consider blocking it at your firewall.