Summary
The remote host is missing an update to kdebase announced via advisory DSA 1156-1.
Ludwig Nussel discovered that kdm, the X display manager for KDE, handles access to the session type configuration file insecurely, which may lead to the disclosure of arbitrary files through a symlink attack.
Solution
For the stable distribution (sarge) this problem has been fixed in version 3.3.2-1sarge3.
For the unstable distribution (sid) this problem has been fixed in version 3.5.2-2.
We recommend that you upgrade your kdm package.
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201156-1
Severity
Classification
CVE: CVE-2006-2449
CVSS Base Score: 4.0 (AV:L/AC:H/Au:N/C:C/I:N/A:N)
Related Vulnerabilities