Sebastian Krahmer discovered that opie, a system that makes it simple to use One-Time passwords in applications, is prone to a privilege escalation (CVE-2011-2490) and an off-by-one error, which can lead to the execution of arbitrary code (CVE-2011-2489). Adam Zabrocki and Maksymilian Arciemowicz also discovered another off-by-one error (CVE-2010-1938), which only affects the lenny version as the fix was already included in squeeze. For the oldstable distribution (lenny), these problems have been fixed in version 2.32-10.2+lenny2. For the stable distribution (squeeze), these problems have been fixed in version 2.32.dfsg.1-0.2+squeeze1 The testing distribution (wheezy) and the unstable distribution (sid) do not contain opie. We recommend that you upgrade your opie packages.
Sebastian Krahmer discovered that opie, a system that makes it simple to use One-Time passwords in applications, is prone to a privilege escalation (CVE-2011-2490) and an off-by-one error, which can lead to the execution of arbitrary code (CVE-2011-2489). Adam Zabrocki and Maksymilian Arciemowicz also discovered another off-by-one error (CVE-2010-1938), which only affects the lenny version as the fix was already included in squeeze.
For the oldstable distribution (lenny), these problems have been fixed in version 2.32-10.2+lenny2.
For the stable distribution (squeeze), these problems have been fixed in version 2.32.dfsg.1-0.2+squeeze1
The testing distribution (wheezy) and the unstable distribution (sid) do not contain opie.
We recommend that you upgrade your opie packages.