CVE-2012-4929
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differences during a series of guesses in which a string in an HTTP request potentially matches an unknown string in an HTTP header, aka a "CRIME" attack.
Related bugs and status
CVE-2012-4929 (Candidate) is related to these bugs:
Bug #1057578: Vulnerable against "CRIME" attack
Bug | Summary | In | Importance | Status
---|---|---|---|---
1057578 | Vulnerable against "CRIME" attack | qt4-x11 (Ubuntu) | Undecided | Fix Released
1057578 | Vulnerable against "CRIME" attack | qt4-x11 (Ubuntu Oneiric) | Undecided | Fix Released
1057578 | Vulnerable against "CRIME" attack | qt4-x11 (Ubuntu Precise) | Undecided | Fix Released
1057578 | Vulnerable against "CRIME" attack | qt4-x11 (Ubuntu Quantal) | Undecided | Fix Released
1057578 | Vulnerable against "CRIME" attack | qt4-x11 (Ubuntu Lucid) | Undecided | Fix Released
1057578 | Vulnerable against "CRIME" attack | qt4-x11 (Ubuntu Natty) | Undecided | Won't Fix
Bug #1068854: Support option to disable TLS compression to protect against CRIME attack
Bug | Summary | In | Importance | Status
---|---|---|---|---
1068854 | Support option to disable TLS compression to protect against CRIME attack | apache2 (Ubuntu) | Undecided | Fix Released
1068854 | Support option to disable TLS compression to protect against CRIME attack | apache2 (Debian) | Unknown | Fix Released
1068854 | Support option to disable TLS compression to protect against CRIME attack | Apache2 Web Server | Wishlist | Fix Released
1068854 | Support option to disable TLS compression to protect against CRIME attack | apache2 (Fedora) | Medium | Fix Released
Bug #1077434: Apache 2.2.14 Server Status no longer available
Bug | Summary | In | Importance | Status
---|---|---|---|---
1077434 | Apache 2.2.14 Server Status no longer available | apache2 (Ubuntu) | Medium | Invalid
Bug #1187195: OpenSSL site-wide compression disable tracking bug
Bug | Summary | In | Importance | Status
---|---|---|---|---
1187195 | OpenSSL site-wide compression disable tracking bug | openssl (Ubuntu) | Undecided | Fix Released
1187195 | OpenSSL site-wide compression disable tracking bug | openssl (Ubuntu Lucid) | Undecided | Fix Released
1187195 | OpenSSL site-wide compression disable tracking bug | openssl (Ubuntu Precise) | Undecided | Fix Released
1187195 | OpenSSL site-wide compression disable tracking bug | openssl (Ubuntu Saucy) | Undecided | Fix Released
1187195 | OpenSSL site-wide compression disable tracking bug | openssl (Ubuntu Quantal) | Undecided | Fix Released
1187195 | OpenSSL site-wide compression disable tracking bug | openssl (Ubuntu Raring) | Undecided | Fix Released
Bug #1811531: remote execution vulnerability
Bug | Summary | In | Importance | Status
---|---|---|---|---
1811531 | remote execution vulnerability | zeromq3 (Ubuntu) | Undecided | Fix Released
1811531 | remote execution vulnerability | zeromq3 (Debian) | Unknown | Fix Released
1811531 | remote execution vulnerability | zeromq (Suse) | High | Fix Released
See the CVE page on Mitre.org for more details.