The remote host is missing an update to xmlsec1 announced via advisory MDVSA-2009:267.

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:267 http://www.kb.cert.org/vuls/id/466161

A vulnerability has been found and corrected in xmlsec1: A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1 prior to 1.2.12. An attacker could use this flaw to create a specially-crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification (CVE-2009-0217). This update fixes this vulnerability. Affected: 2008.1, 2009.0, 2009.1, Enterprise Server 5.0