The remote host is missing updates announced in advisory GLSA 200411-15.
All Groff users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=sys-apps/groff-1.19.1-r2' All OpenSSL users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-libs/openssl-0.9.7d-r2' Note: /etc/ssl/misc/der_chop is protected by Portage as a configuration file. Don't forget to use etc-update and overwrite the old version with the new one. http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200411-15 http://bugs.gentoo.org/show_bug.cgi?id=68404 http://bugs.gentoo.org/show_bug.cgi?id=68407
groffer, included in the Groff package, and the der_chop script, included in the OpenSSL package, are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running the utility.