The remote host is missing an update to zhcon announced via advisory DSA 655-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20655-1

Erik Sjölund discovered that zhcon, a fast console CJK system using the Linux framebuffer, accesses a user-controlled configuration file with elevated privileges. Thus, it is possible to read arbitrary files. For the stable distribution (woody) this problem has been fixed in version 0.2-4woody3. For the unstable distribution (sid) this problem will be fixed soon. We recommend that you upgrade your zhcon package.