Oval Definition:	oval:com.ubuntu.precise:def:20124929000
Revision Date: 2012-09-15 Version: 1 Title: CVE-2012-4929 on Ubuntu 12.04 LTS (precise) - medium. Description: The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack. Family: unix Class: vulnerability Status: Reference(s): CVE-2012-4929 Platform(s): Ubuntu 12.04 LTS Product(s): Definition Synopsis Ubuntu 12.04 LTS (precise) is installed. AND Package Information The 'apache2' package in precise was vulnerable but has been fixed (note: '2.2.22-1ubuntu1.2'). OR The 'chromium-browser' package in precise was vulnerable but has been fixed (note: '23.0.1271.97-0ubuntu0.12.04.1'). OR NOT While related to the CVE in some way, the 'nss' package in precise is not affected (note: 'code-not-compiled'). OR The 'openssl' package in precise was vulnerable but has been fixed (note: '1.0.1-4ubuntu5.10'). OR While related to the CVE in some way, a decision has been made to ignore it. OR The 'qt4-x11' package in precise was vulnerable but has been fixed (note: '4:4.8.1-0ubuntu4.3').
BACK