libpam-smb contains a buffer overflow that can be used to execute
arbitrary commands with root privilege. libpam-smb was not shipped with
Debian 2.1 (slink), but was included in Debian 2.2 (potato).
A fixed version of libpam-smb is available in version 1.1.6-1 for Debian
2.2 (potato). We recommend upgrading your libpam-smb immediately.
The advisory is at LWN.net.