Bug 15229

Summary: md5sum is an insecure hashcheck
Product: Mageia Reporter: Olav Vitters <olav>
Component: RPM Packages Assignee: Anssi Hannula <anssi.hannula>
Status: RESOLVED FIXED QA Contact:
Severity: major    
Priority: Normal    
Version: Cauldron   
Target Milestone: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Source RPM: flash-player-plugin-11.2.202.442-1.mga5.nonfree.src.rpm CVE:
Status comment:

Description Olav Vitters 2015-02-07 20:08:32 CET
flash-player-plugin uses md5sum to verify the downloaded file. This hashing method is not secure anymore. It should be switched to:
1. sha256sum
2. Verify the length as well

Checking length as well as usage of a better hashing method will make it very difficult to compromise the security.

Comment 1 Anssi Hannula 2015-03-15 02:40:59 CET
Fixed in flash-player-plugin-11.2.202.451-1.mga5.nonfree and flash-player-plugin-11.2.202.451-1.mga4.nonfree.

Thanks.

Status: NEW => RESOLVED
Resolution: (none) => FIXED
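
The check requested in the description (exact length plus SHA-256 instead of MD5), sketched as an added example; it is not part of the original report and is not the package's own code. The names `verify_download` and `demo` are hypothetical, the 3-byte sample file is constructed, and coreutils `sha256sum` is assumed to be available.

```shell
#!/bin/sh
# Added example: verify a downloaded file by exact size and SHA-256 before use.
# verify_download and demo are hypothetical helper names.

verify_download() {
    file=$1; want_size=$2; want_sha256=$3

    # Refuse a missing path or anything that is not a regular file.
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }

    # Cheap check first: the byte length must match exactly.
    got_size=$(wc -c < "$file" | tr -d ' ')
    if [ "$got_size" != "$want_size" ]; then
        echo "size mismatch: got $got_size, want $want_size" >&2
        return 1
    fi

    # sha256sum prints "<hex>  <name>"; keep only the hex digest.
    got_sha256=$(sha256sum < "$file" | cut -d ' ' -f 1)
    if [ "$got_sha256" != "$want_sha256" ]; then
        echo "sha256 mismatch for $file" >&2
        return 1
    fi
    return 0
}

# Constructed sample: the 3-byte string "abc" stands in for the download.
demo() {
    tmp=$(mktemp) || return 2
    printf 'abc' > "$tmp"
    verify_download "$tmp" 3 \
        ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

The expected size and digest have to be shipped inside the signed package itself, so that tampering with the download cannot also change the values it is compared against.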