Article Source Ubuntu Security Notices
September 14, 2009, 11:10 am
September 14, 2009, 11:10 am
Dan Kaminsky discovered OpenSSL would still accept certificates with MD2 hash signatures. As a result, an attacker could potentially create a malicious trusted certificate to impersonate another site. This update handles this issue by completely disabling MD2 for certificate validation…