The remote host is missing updates announced in advisory GLSA 200601-10.

All Sun JDK users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jdk-1.4.2.09' All Sun JRE users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/sun-jre-bin-1.4.2.09' All Blackdown JDK users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/blackdown-jdk-1.4.2.03' All Blackdown JRE users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-java/blackdown-jre-1.4.2.03' Note to SPARC and PPC users: There is no stable secure Blackdown Java for the SPARC or PPC architectures. Affected users on the PPC architecture should consider switching to the IBM Java packages (ibm-jdk-bin and ibm-jre-bin). Affected users on the SPARC should remove the package until a SPARC package is released. http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200601-10 http://bugs.gentoo.org/show_bug.cgi?id=118114 http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1 http://www.blackdown.org/java-linux/java2-status/security/Blackdown-SA-2005-03.txt

Sun's and Blackdown's JDK or JRE may allow untrusted applets to elevate their privileges.