The ethernet monitor program; for keeping track of ethernet/ip address pairings.
Arpwatch does not properly drop supplementary groups.
Attackers, if able to exploit arpwatch, could escalate privileges outside of the running process.
There is no known workaround at this time.
All arpwatch users should upgrade to the latest version:
# emerge --sync
# emerge --ask --verbose --oneshot ">=net-analyzer/arpwatch-2.1.15-r8"