Bug 15229 - md5sum is an insecure hashcheck
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages
Version: Cauldron
Hardware: x86_64 Linux
Priority: Normal major
Target Milestone: ---
Assignee: Anssi Hannula
Reported: 2015-02-07 20:08 CET by Olav Vitters
Modified: 2015-03-15 02:40 CET
Source RPM: flash-player-plugin-11.2.202.442-1.mga5.nonfree.src.rpm
Description Olav Vitters 2015-02-07 20:08:32 CET
flash-player-plugin uses md5sum to verify the downloaded file. This hashing method is not secure anymore. It should be switched to:
1. sha256sum
2. Verify the length as well

Checking length as well as usage of a better hashing method will make it very difficult to compromise the security.

Reproducible: 

Steps to Reproduce:
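
The check requested in the description above (SHA-256 plus an exact length check), as an added example that is not part of the bug report or of the flash-player-plugin package. The function name `verify_download`, its return codes and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# verify_download FILE EXPECTED_SIZE EXPECTED_SHA256   (hypothetical helper)
# Returns 0 only if FILE is exactly EXPECTED_SIZE bytes long and its SHA-256
# digest equals EXPECTED_SHA256; 1 on a mismatch; 2 on bad arguments or I/O.
verify_download() {
    [ "$#" -eq 3 ] || return 2
    file=$1 want_size=$2 want_sha=$3
    [ -f "$file" ] && [ -r "$file" ] || return 2

    # The expected size must be a plain decimal number.
    case $want_size in
        ''|*[!0-9]*) return 2 ;;
    esac

    # Length first: cheap, and rejects truncated or padded downloads
    # before any hashing is done.
    have_size=$(wc -c < "$file" | tr -d '[:space:]') || return 2
    if [ "$have_size" != "$want_size" ]; then
        echo "size mismatch: got $have_size, expected $want_size" >&2
        return 1
    fi

    # Then the digest. sha256sum prints "<hex>  -" when reading stdin.
    have_sha=$(sha256sum < "$file" | cut -d' ' -f1) || return 2
    want_sha=$(printf '%s' "$want_sha" | tr 'A-F' 'a-f')
    if [ "$have_sha" != "$want_sha" ]; then
        echo "sha256 mismatch: got $have_sha" >&2
        return 1
    fi
    return 0
}

# Constructed sample: the 3-byte file "abc" and its published SHA-256 test vector.
ABC_SHA256=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
demo=$(mktemp)
printf 'abc' > "$demo"
verify_download "$demo" 3 "$ABC_SHA256" && echo "accepted: size and SHA-256 match"
verify_download "$demo" 4 "$ABC_SHA256" 2>/dev/null || echo "rejected: wrong length"
rm -f "$demo"
```

The expected size and digest have to ship inside the signed package; values fetched from the same server as the download would not detect a replaced file.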
Comment 1 Anssi Hannula 2015-03-15 02:40:59 CET
Fixed in flash-player-plugin-11.2.202.451-1.mga5.nonfree and flash-player-plugin-11.2.202.451-1.mga4.nonfree.

Thanks.

Status: NEW => RESOLVED
Resolution: (none) => FIXED