The remote host is missing an update to kernel-image-2.4.16-lart, kernel-image-2.4.16-netwinder, kernel-image-2.4.16-riscpc, kernel-patch-2.4.16-arm announced via advisory DSA 439-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20439-1

Several local root exploits have been discovered recently in the Linux kernel. This security advisory updates the PowerPC/Apus kernel for Debian GNU/Linux. The Common Vulnerabilities and Exposures project identifies the following problems that are fixed with this update: CVE-2003-0961: An integer overflow in brk() system call (do_brk() function) for Linux allows a local attacker to gain root privileges. Fixed upstream in Linux 2.4.23. CVE-2003-0985: Paul Starzetz discovered a flaw in bounds checking in mremap() in the Linux kernel (present in version 2.4.x and 2.6.x) which may allow a local attacker to gain root privileges. Version 2.2 is not affected by this bug. Fixed upstream in Linux 2.4.24. CVE-2004-0077: Paul Starzetz and Wojciech Purczynski of isec.pl discovered a critical security vulnerability in the memory management code of Linux inside the mremap(2) system call. Due to missing function return value check of internal functions a local attacker can gain root privileges. Fixed upstream in Linux 2.4.25 and 2.6.3. For the stable distribution (woody) this problem has been fixed in version 2.4.26/20040204 of lart, netwinder and riscpc image and in version 20040204 of kernel-patch-2.4.16-arm. Other architectures will probably mentioned in a separate advisory or are not affected (m68k). For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your Linux kernel packages immediately.