The remote host is missing an update to tkmail announced via advisory DSA 172-1.
It has been discovered that tkmail creates temporary files insecurely. Exploiting this an attacker with local access can easily create and overwrite files as another user. This problem has been fixed in version 4.0beta9-8.1 for the current stable distribution (woody), in version 4.0beta9-4.1 for the old stable distribution (potato) and in version 4.0beta9-9 for the unstable distribution (sid). We recommend that you upgrade your tkmail packages.
- Debian Security Advisory DSA 2731-1 (libgcrypt11 - information leak)
- Debian Security Advisory DSA 1255-1 (libgtop2)
- Debian Security Advisory DSA 1130-1 (sitebar)
- Debian Security Advisory DSA 2650-2 (libvirt - files and device nodes ownership change to kvm group)
- Debian Security Advisory DSA 1202-1 (screen)