Oval Definition:	oval:org.mitre.oval:def:17586
Revision Date: 2014-06-23 Version: 8 Title: DSA-2627-1 nginx - information leak Description: Juliano Rizzo and Thai Duong discovered a weakness in the TLS/SSL protocol when using compression. This side channel attack, dubbed CRIME, allows eavesdroppers to gather information to recover the original plaintext in the protocol. This update to nginx disables SSL compression. Family: unix Class: patch Status: ACCEPTED Reference(s): CVE-2012-4929 DSA-2627-1 Platform(s): Debian GNU/kFreeBSD 6.0 Debian GNU/Linux 6.0 Product(s): nginx Definition Synopsis Debian 6.0 is installed AND GNU/Linux or GNU/kFreeBSD kernel Debian GNU/Linux is installed OR Debian GNU/kFreeBSD is installed AND nginx DPKG is earlier than 0.7.67-3+squeeze3
BACK