The remote host is missing an update to man-db announced via advisory DSA 028-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20028-1

Styx has reported that the program `man' mistakenly passes malicious strings (i.e. containing format characters) through routines that were not meant to use them as format strings. Since this could cause a segmentation fault and privileges were not dropped it may lead to an exploit for the 'man' user. We recommend you upgrade your man-db package immediately.