|
|
Log in / Subscribe / Register

nspr, nss:weak hash signatures

Package(s):nspr, nss CVE #(s):CVE-2009-2409
Created:July 31, 2009 Updated:April 28, 2010
Description: From the Red Hat advisory: Dan Kaminsky found that browsers still accept certificates with MD2 hash signatures, even though MD2 is no longer considered a cryptographically strong algorithm. This could make it easier for an attacker to create a malicious certificate that would be treated as trusted by a browser. NSS now disables the use of MD2 and MD4 algorithms inside signatures by default. (CVE-2009-2409)
Alerts:
Mandriva MDVSA-2010:084 java-1.6.0-openjdk 2010-04-28
Red Hat RHSA-2010:0166-01 gnutls 2010-03-25
CentOS CESA-2010:0166 gnutls 2010-03-26
CentOS CESA-2010:0163 openssl 2010-03-25
Red Hat RHSA-2010:0163-01 openssl 2010-03-25
CentOS CESA-2010:0054 openssl 2010-01-20
Red Hat RHSA-2010:0054-01 openssl 2010-01-19
Pardus 2010-22 sun-jdk sun-jre 2010-02-04
Mandriva MDVSA-2009:310 openssl 2009-12-03
Mandriva MDVSA-2009:197-3 nss 2009-12-03
Gentoo 200912-01 openssl 2009-12-01
Mandriva MDVSA-2009:239 openssl 2009-09-22
Mandriva MDVSA-2009:238 openssl 2009-09-21
Mandriva MDVSA-2009:237 openssl 2009-09-21
Debian DSA-1888-1 openssl 2009-09-15
Ubuntu USN-830-1 openssl 2009-09-14
Mandriva MDVSA-2009:197-2 nss 2009-09-11
CentOS CESA-2009:1432 seamonkey 2009-09-10
Red Hat RHSA-2009:1432-01 seamonkey 2009-09-09
Debian DSA-1874-1 nss 2009-08-26
Mandriva MDVSA-2009:216 mozilla-thunderbird 2009-08-23
Ubuntu USN-809-1 gnutls12, gnutls13, gnutls26 2009-08-19
Red Hat RHSA-2009:1207-01 nspr nss 2009-08-12
Mandriva MDVSA-2009:197 nss 2009-08-07
Ubuntu USN-810-2 nspr 2009-08-04
Ubuntu USN-810-1 nss 2009-08-04
Red Hat RHSA-2009:1190-01 nspr, nss 2009-07-31
Red Hat RHSA-2009:1186-01 nspr, nss 2009-07-30
Red Hat RHSA-2009:1184-01 nspr, nss 2009-07-30
Gentoo 200911-02 sun-jre-bin 2009-11-17
Debian DSA-1935-1 gnutls13 2009-11-17
Fedora FEDORA-2009-11489 java-1.6.0-openjdk 2009-11-14
Fedora FEDORA-2009-11486 java-1.6.0-openjdk 2009-11-14
Fedora FEDORA-2009-11490 java-1.6.0-openjdk 2009-11-14
Ubuntu USN-859-1 openjdk-6 2009-11-13
Red Hat RHSA-2009:1584-01 java-1.6.0-openjdk 2009-11-16
CentOS CESA-2009:1584 java-1.6.0-openjdk 2009-11-18
Red Hat RHSA-2009:1560-01 java-1.6.0-sun 2009-11-09
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds