The remote host is missing updates announced in advisory GLSA 200411-38.

All Sun JDK users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.4.2.06' All Sun JRE users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.4.2.06' All Blackdown JDK users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/blackdown-jdk-1.4.2.01' All Blackdown JRE users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/blackdown-jre-1.4.2.01' Note: You should unmerge all vulnerable versions to be fully protected. http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200411-38 http://bugs.gentoo.org/show_bug.cgi?id=72172 http://bugs.gentoo.org/show_bug.cgi?id=72221 http://www.idefense.com/application/poi/display?id=158&type=vulnerabilities http://www.blackdown.org/java-linux/java2-status/security/Blackdown-SA-2004-01.txt

The Java plug-in security in Sun and Blackdown Java environments can be bypassed to access arbitrary packages, allowing untrusted Java applets to perform unrestricted actions on the host system.