CVE-2004-2761

Published: 5 January 2009

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.

Priority

Status

Package	Release	Status
firefox Launchpad, Ubuntu, Debian	dapper	Released (1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu2)
	gutsy	Not vulnerable (part of nss now)
	hardy	Not vulnerable (part of nss now)
	intrepid	Does not exist
	upstream	Needs triage
nss Launchpad, Ubuntu, Debian	dapper	Does not exist
	gutsy	Released (3.11.5-3ubuntu0.7.10.2)
	hardy	Released (3.12.0.3-0ubuntu0.8.04.5)
	intrepid	Released (3.12.0.3-0ubuntu5.8.10.1)
	upstream	Needs triage

References

https://ubuntu.com/security/notices/USN-740-1
https://www.cve.org/CVERecord?id=CVE-2004-2761
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.