The remote Debian host is missing a security-related update.
The Qualys Research Labs discovered multiple vulnerabilities in procps, a set of command line and full screen utilities for browsing procfs. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2018-1122 top read its configuration from the current working directory if no $HOME was configured. If top were started from a directory writable by the attacker (such as /tmp) this could result in local privilege escalation. - CVE-2018-1123 Denial of service against the ps invocation of another user. - CVE-2018-1124 An integer overflow in the file2strvec() function of libprocps could result in local privilege escalation. - CVE-2018-1125 A stack-based buffer overflow in pgrep could result in denial of service for a user using pgrep for inspecting a specially crafted process. - CVE-2018-1126 Incorrect integer size parameters used in wrappers for standard C allocators could cause integer truncation and lead to integer overflow issues.
Upgrade the procps packages. For the oldstable distribution (jessie), these problems have been fixed in version 2:3.3.9-9+deb8u1. For the stable distribution (stretch), these problems have been fixed in version 2:3.3.12-3+deb9u1.