CVE 2009-2409
The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.
Related bugs and status
CVE-2009-2409 (Candidate) is related to these bugs:
Bug #305264: gnutls regression: failure in certificate chain validation
Bug #359407: Jaunty icedtea6-plugin doesn’t work in Firefox 3.5
Bug | Summary | In | Importance | Status
---|---|---|---|---
359407 | Jaunty icedtea6-plugin doesn’t work in Firefox 3.5 | openjdk-6 (Ubuntu) | High | Fix Released
359407 | Jaunty icedtea6-plugin doesn’t work in Firefox 3.5 | firefox-3.5 (Ubuntu) | High | Invalid
359407 | Jaunty icedtea6-plugin doesn’t work in Firefox 3.5 | iceweasel (Debian) | Unknown | Fix Released
359407 | Jaunty icedtea6-plugin doesn’t work in Firefox 3.5 | Mozilla Firefox | Critical | Invalid
359407 | Jaunty icedtea6-plugin doesn’t work in Firefox 3.5 | firefox-3.5 (Ubuntu Jaunty) | Undecided | Invalid
359407 | Jaunty icedtea6-plugin doesn’t work in Firefox 3.5 | openjdk-6 (Ubuntu Jaunty) | High | Fix Released
Bug #392670: Update OpenSSL to fix security vulnerabilities
Bug | Summary | In | Importance | Status
---|---|---|---|---
392670 | Update OpenSSL to fix security vulnerabilities | The Dell Mini Project | Undecided | Fix Committed
Bug #472845: wrong metric for Chinese font in OpenJDK applications
Bug | Summary | In | Importance | Status
---|---|---|---|---
472845 | wrong metric for Chinese font in OpenJDK applications | openjdk-6 (Ubuntu) | Undecided | Fix Released
472845 | wrong metric for Chinese font in OpenJDK applications | openjdk-6 (Ubuntu Jaunty) | Undecided | Fix Released
472845 | wrong metric for Chinese font in OpenJDK applications | openjdk-6 (Ubuntu Karmic) | Undecided | Fix Released
472845 | wrong metric for Chinese font in OpenJDK applications | openjdk-6 (Ubuntu Lucid) | Undecided | Fix Released
472845 | wrong metric for Chinese font in OpenJDK applications | openjdk-6 (Ubuntu Maverick) | Undecided | Fix Released
Bug #551328: Applets use 100% of CPU
Bug | Summary | In | Importance | Status
---|---|---|---|---
551328 | Applets use 100% of CPU | openjdk-6 (Ubuntu) | Undecided | Fix Released
551328 | Applets use 100% of CPU | OpenJDK | Medium | Invalid
551328 | Applets use 100% of CPU | openjdk-6 (Debian) | Unknown | Fix Released
Bug #581167: Please merge openssl 0.9.8n-1 into ubuntu
Bug | Summary | In | Importance | Status
---|---|---|---|---
581167 | Please merge openssl 0.9.8n-1 into ubuntu | openssl (Ubuntu) | Undecided | Fix Released
Bug #1031333: Missing Verisign certs due to broken extract script
Bug | Summary | In | Importance | Status
---|---|---|---|---
1031333 | Missing Verisign certs due to broken extract script | ca-certificates (Ubuntu) | Undecided | Fix Released
1031333 | Missing Verisign certs due to broken extract script | ca-certificates (Debian) | Unknown | Fix Released
1031333 | Missing Verisign certs due to broken extract script | ca-certificates (Fedora) | High | Won't Fix
See the CVE page on Mitre.org for more details.