|Description||The Network Security Services (NSS) library before 3.12.3, as used in Firefox; GnuTLS before 2.6.4 and 2.7.4; OpenSSL 0.9.8 through 0.9.8k; and other products support MD2 with X.509 certificates, which might allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
|References||DSA-1874-1, DSA-1888-1, DSA-1935-1|
|Debian Bugs||539895, 539899, 539901|
Vulnerable and fixed packages
The table below lists information on source packages.
|nss (PTS)||stretch (security), stretch||2:3.26.2-1.1+deb9u1||fixed|
|buster, buster (security)||2:3.42.1-1+deb10u3||fixed|
|openssl (PTS)||stretch (security), stretch||1.1.0l-1~deb9u1||fixed|
|buster, buster (security)||1.1.1d-0+deb10u3||fixed|
The information below is based on the following data on fixed versions.