+++ This bug was initially created as a clone of Bug #280227 +++
The NSS library before 3.12.3, as used in Firefox; GnuTLS before
2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products
support MD2 with X.509 certificates, which might allow remote
attackers to spoof certificates by using MD2 design flaws to generate
a hash collision in less than brute-force time. NOTE: the scope of
this issue is currently limited because the amount of computation
required is still large.
Mark Cox wrote:
So for upstream OpenSSL we have disabled MD2 support completely. This
was done in two stages; the first was a patch in June 2009
(http://marc.info/?l=openssl-cvs&m=124508133203041&w=2) that removed
the check of a trusted root self-signed certificate. Then MD2 was
disabled in July (http://cvs.openssl.org/chngview?cn=18381). Although there
have not yet been any upstream releases containing these fixes, future
OpenSSL 0.9.8 (after 0.9.8k), and OpenSSL 1.0.0 releases will contain
this fix.
openssl-0.9.8l is in the tree now
Stabilization via bug 292022.
CVE-2009-2409 wasn't in the 0.9.8l release, so I added it to 0.9.8l-r1.