The remote host is missing an update to xloadimage announced via advisory DSA 069-1.
The version of xloadimage (a graphics files viewer for X) that was shipped in Debian GNU/Linux 2.2 has a buffer overflow in the code that handles FACES format images. This could be exploited by an attacker by tricking someone into viewing a specially crafted image using xloadimage which would allow him to execute arbitrary code. This problem was fixed in version 4.1-5potato1.
- Debian Security Advisory DSA 061-1 (gnupg)
- Debian Security Advisory DSA 101-1 (sudo)
- Debian Security Advisory DSA 1070-1 (kernel-source-2.4.19,kernel-image-sparc-2.4,kernel-patch-2.4.19-mips)
- Debian Security Advisory DSA 1011-1 (kernel-patch-vserver, util-vserver)
- Debian Security Advisory DSA 075-1 (netkit-telnet-ssl)