CVE-2009-2409
Published: 30 July 2009
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
Priority
Status
Package | Release | Status |
---|---|---|
gnutls12 | dapper | Released (1.2.9-2ubuntu1.5) |
gnutls12 | hardy | Does not exist |
gnutls12 | intrepid | Does not exist |
gnutls12 | jaunty | Does not exist |
gnutls12 | karmic | Does not exist |
gnutls12 | lucid | Does not exist |
gnutls12 | maverick | Does not exist |
gnutls12 | upstream | Needs triage |
gnutls13 | dapper | Does not exist |
gnutls13 | hardy | Released (2.0.4-1ubuntu2.5) |
gnutls13 | intrepid | Does not exist |
gnutls13 | jaunty | Does not exist |
gnutls13 | karmic | Does not exist |
gnutls13 | lucid | Does not exist |
gnutls13 | maverick | Does not exist |
gnutls13 | upstream | Needs triage |
gnutls26 | dapper | Does not exist |
gnutls26 | hardy | Does not exist |
gnutls26 | intrepid | Released (2.4.1-1ubuntu0.3) |
gnutls26 | jaunty | Released (2.4.2-5) |
gnutls26 | karmic | Not vulnerable (2.6.6-1) |
gnutls26 | lucid | Not vulnerable |
gnutls26 | maverick | Not vulnerable |
gnutls26 | upstream | Needs triage |
nss | dapper | Does not exist |
nss | hardy | Released (3.12.3.1-0ubuntu0.8.04.1) |
nss | intrepid | Released (3.12.3.1-0ubuntu0.8.10.1) |
nss | jaunty | Released (3.12.3.1-0ubuntu0.9.04.1) |
nss | karmic | Released (3.12.3.1-0ubuntu1) |
nss | lucid | Not vulnerable |
nss | maverick | Not vulnerable |
nss | upstream | Needs triage |
openjdk-6 | dapper | Does not exist |
openjdk-6 | hardy | Released (6b18-1.8.2-4ubuntu1~8.04.1) |
openjdk-6 | intrepid | Released (6b12-0ubuntu6.6) |
openjdk-6 | jaunty | Released (6b14-1.4.1-0ubuntu12) |
openjdk-6 | karmic | Released (6b16-1.6.1-3ubuntu1) |
openjdk-6 | lucid | Not vulnerable (6b17~pre2-0ubuntu3) |
openjdk-6 | maverick | Not vulnerable (6b17~pre2-0ubuntu3) |
openjdk-6 | upstream | Released (6b17) |
openssl | dapper | Released (0.9.8a-7ubuntu0.10) |
openssl | hardy | Released (0.9.8g-4ubuntu3.8) |
openssl | intrepid | Released (0.9.8g-10.1ubuntu2.5) |
openssl | jaunty | Released (0.9.8g-15ubuntu3.3) |
openssl | karmic | Released (0.9.8g-16ubuntu3) |
openssl | lucid | Not vulnerable |
openssl | maverick | Not vulnerable |
openssl | upstream | Needs triage |

Patches:
upstream: http://marc.info/?l=openssl-cvs&m=124508133203041&w=2
upstream: http://marc.info/?l=openssl-cvs&m=124704528713852&w=2