Re: [SECURITY] [DSA 1888-1] New openssl packages deprecate MD2 hash signatures

Re: [SECURITY] [DSA 1888-1] New openssl packages deprecate MD2 hash signatures

by Philipp Kern-6

[ Please Cc me on replies, thanks. ]

Hi,

On Tue, Sep 15, 2009 at 11:37:22PM +0200, Moritz Muehlenhoff wrote:
> Certificates with MD2 hash signatures are no longer accepted by OpenSSL,
> since they're no longer considered cryptographically secure.

looking at ca-certificates it would affect those certs from the Mozilla
truststore:

Verisign_Class_1_Public_Primary_Certification_Authority.crt
Verisign_Class_2_Public_Primary_Certification_Authority.crt
Verisign_Class_3_Public_Primary_Certification_Authority.crt
Verisign_RSA_Secure_Server_CA.crt

Those are Root CAs with MD2 signatures on them.  This does not mean that they
use MD2 to sign others, of course.  Are those an attack vector and ought those
to be dropped from the package?  Especially as we store them on the user's
system it should not be possible to spoof another key with a hash collision
as only the one on disk should be trusted?

Kind regards,
Philipp Kern
--
 .''`.  Philipp Kern                        Debian Developer
: :' :  http://philkern.de                         Stable Release Manager
`. `'   xmpp:phil@...                         Wanna-Build Admin
  `-    finger pkern/key@...


Re: [SECURITY] [DSA 1888-1] New openssl packages deprecate MD2 hash signatures

by Justin Bellmor

> Would you remove Justin Bellmor from your email list. Justin passed  
> away last month after suffering a major brain bleed in July.
>
> Thank you
>
> Russell Bellmor
> Justin's Dad

--
Justin Bellmor
Computer Science Undergraduate @ Georgia Institute of Technology
justin@... | justin@...
770-265-3587

On Sep 15, 2009, at 5:37 PM, Moritz Muehlenhoff <jmm@...> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-1888-1                  security@...
> http://www.debian.org/security/                       Moritz Muehlenhoff
> September 15, 2009                    http://www.debian.org/security/faq
> - ------------------------------------------------------------------------
>
> Package        : openssl, openssl097
> Vulnerability  : cryptographic weakness
> Problem type   : remote
> Debian-specific: no
> CVE Id(s)      : CVE-2009-2409
>
> Certificates with MD2 hash signatures are no longer accepted by OpenSSL,
> since they're no longer considered cryptographically secure.
>
> For the stable distribution (lenny), this problem has been fixed in
> version 0.9.8g-15+lenny5.
>
> For the old stable distribution (etch), this problem has been fixed in
> version 0.9.8c-4etch9 for openssl and version 0.9.7k-3.1etch5 for
> openssl097.
> The OpenSSL 0.9.8 update for oldstable (etch) also provides updated
> packages for multiple denial of service vulnerabilities in the
> Datagram Transport Layer Security implementation. These fixes were
> already provided for Debian stable (Lenny) in a previous point
> update. The OpenSSL 0.9.7 package from oldstable (Etch) is not
> affected. (CVE-2009-1377, CVE-2009-1378, CVE-2009-1379,
> CVE-2009-1386 and CVE-2009-1387)
>
> For the unstable distribution (sid), this problem has been fixed in
> version 0.9.8k-5.
>
> We recommend that you upgrade your openssl packages.
>
> Upgrade instructions
> - --------------------
>
> wget url
>        will fetch the file for you
> dpkg -i file.deb
>        will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>        will update the internal database
> apt-get upgrade
>        will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 4.0 alias etch
> - -------------------------------
>
> Oldstable updates are available for alpha, amd64, arm, hppa, i386,  
> ia64, mips, mipsel, powerpc, s390 and sparc.
>
> Debian GNU/Linux 5.0 alias lenny
> - --------------------------------
>
> Stable updates are available for alpha, amd64, arm, armel, hppa,  
> i386, ia64, mips, mipsel, powerpc, s390 and sparc.
>


--
To UNSUBSCRIBE, email to debian-security-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...


Re: [SECURITY] [DSA 1888-1] New openssl packages deprecate MD2 hash signatures

by Kees Cook-6

On Wed, Sep 16, 2009 at 12:02:11AM +0200, Philipp Kern wrote:

> On Tue, Sep 15, 2009 at 11:37:22PM +0200, Moritz Muehlenhoff wrote:
> > Certificates with MD2 hash signatures are no longer accepted by OpenSSL,
> > since they're no longer considered cryptographically secure.
>
> looking at ca-certificates it would affect those certs from the Mozilla
> truststore:
>
> Verisign_Class_1_Public_Primary_Certification_Authority.crt
> Verisign_Class_2_Public_Primary_Certification_Authority.crt
> Verisign_Class_3_Public_Primary_Certification_Authority.crt
> Verisign_RSA_Secure_Server_CA.crt
>
> Those are Root CAs with MD2 signatures on them.  This does not mean that they
> use MD2 to sign others, of course.  Are those an attack vector and ought those
> to be dropped from the package?  Especially as we store them on the user's
> system it should not be possible to spoof another key with a hash collision
> as only the one on disk should be trusted?

Since MD2 is ignored, no spoofing should be possible.  And as long as
top-level self-signatures aren't checked[1], it should be fine to leave
those certs until they are updated (AFAIK, Verisign has re-signed their
top-level certs with SHA-1).

-Kees

[1] http://marc.info/?l=openssl-cvs&m=124508133203041&w=2

--
Kees Cook                                            @debian.org




Re: [SECURITY] [DSA 1888-1] New openssl packages deprecate MD2 hash signatures

by Florian Weimer

* Philipp Kern:

> Those are Root CAs with MD2 signatures on them.  This does not mean that they
> use MD2 to sign others, of course.  Are those an attack vector and ought those
> to be dropped from the package?

The attack vector requires a complete break of MD2.  You'd take that
published RSA-based self-signature on an MD2 hash value, and construct
something which hashes to the same value under MD2, but is more
meaningful than a self-signature (it could be another CA certificate,
for instance).

Cryptographically, self-signatures on root CA certificates do not
matter.  Some implementations check them, but this is a mere
consistency check, adding no security value.
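
The distinction discussed in this thread, as an added example that is not part of any poster's message nor code from OpenSSL or ca-certificates: a standard-library Python check that reads each certificate's signature algorithm and separates MD2-signed self-issued roots from MD2-signed certificates issued by someone else. The file names, subject names, dates and zeroed signatures are constructed, the sample certificates omit the public key, and issuer == subject is used as a stand-in for "self-signed" because no signature is verified here.

```python
MD2_RSA = bytes.fromhex("2a864886f70d010102")   # OID 1.2.840.113549.1.1.2 (md2WithRSAEncryption)
SHA1_RSA = bytes.fromhex("2a864886f70d010105")  # OID 1.2.840.113549.1.1.5 (sha1WithRSAEncryption)

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low bits give the length-of-length
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    out, pos = [], 0                        # split a constructed element into (tag, value) pairs
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def classify(der):
    """Return 'ok', 'md2-self-issued' or 'md2-chain-link' for one DER certificate."""
    tag, body, _ = read_tlv(der, 0)
    fields = children(body)                 # tbsCertificate, signatureAlgorithm, signatureValue
    if tag != 0x30 or len(fields) != 3:
        raise ValueError("not an X.509 certificate")
    tbs = children(fields[0][1])
    if tbs and tbs[0][0] == 0xA0:           # optional [0] version; absent in v1 certificates
        tbs = tbs[1:]
    if len(tbs) < 5 or tbs[1][1] != fields[1][1]:
        raise ValueError("malformed or inconsistent signature algorithm")
    if children(fields[1][1])[0][1] != MD2_RSA:
        return "ok"
    # Self-issued root: the MD2 self-signature is only a consistency check (per the
    # thread). Otherwise the MD2 signature is a chain link that must be verified.
    return "md2-self-issued" if tbs[2][1] == tbs[4][1] else "md2-chain-link"

# --- constructed sample input (dummy names, dates and signatures; no public key) ---
def tlv(tag, value):
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def sample_cert(issuer_cn, subject_cn, sig_oid):
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03") + tlv(0x13, cn.encode()))))
    alg = tlv(0x30, tlv(0x06, sig_oid) + tlv(0x05, b""))
    validity = tlv(0x30, tlv(0x17, b"000101000000Z") * 2)
    tbs = tlv(0x30, tlv(0x02, b"\x01") + alg + name(issuer_cn) + validity + name(subject_cn))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" + bytes(128)))

def scan(store):
    return {fname: classify(der) for fname, der in store.items()}

STORE = {
    "example_root_md2.crt": sample_cert("Example Root", "Example Root", MD2_RSA),
    "example_inter_md2.crt": sample_cert("Example Root", "Example Intermediate", MD2_RSA),
    "example_root_sha1.crt": sample_cert("Example Root 2", "Example Root 2", SHA1_RSA),
}
```

To run it over real files, convert each PEM certificate to DER first (for example with `ssl.PEM_cert_to_DER_cert`) and pass the bytes to `classify`.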

