Summary
The remote host is missing an update as announced
via advisory SSA:2006-178-03.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2006-178-03
Insight
New aRts packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a possible security issue with artswrapper. The artswrapper program and the artsd daemon can be used to gain root privileges if artswrapper is setuid root and the system is running a 2.6.x kernel. Note that artswrapper is not setuid root on Slackware by default. Some people have recommended setting it that way online though, so it's at least worth warning about.
It's far safer to just add users to the audio group.
The official KDE security advisory may be found here:
http://www.kde.org/info/security/advisory-20060614-2.txt
More details about this issue may be found in the Common Vulnerabilities and Exposures (CVE) database:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916
Severity
Classification
-
CVE CVE-2006-2916 -
CVSS Base Score: 6.0
AV:L/AC:H/Au:S/C:C/I:C/A:C
Related Vulnerabilities