* SECURITY UPDATE: Disable compression to avoid CRIME systemwide
(LP: #1187195)
- CVE-2012-4929
- debian/patches/openssl-1.0.1e-env-zlib.patch: disable default use of
zlib to compress SSL/TLS unless the environment variable
OPENSSL_DEFAULT_ZLIB is set in the environment during library
initialization.
- Introduced to assist with programs not yet updated to provide their own
controls on compression, such as Postfix
- http://pkgs.fedoraproject.org/cgit/openssl.git/plain/openssl-1.0.1e-env-zlib.patch
-- Seth Arnold <email address hidden> Mon, 03 Jun 2013 18:13:18 -0700
This bug was fixed in the package openssl - 1.0.1-4ubuntu5.10
---------------
openssl (1.0.1-4ubuntu5.10) precise-security; urgency=low
* SECURITY UPDATE: Disable compression to avoid CRIME systemwide patches/ openssl- 1.0.1e- env-zlib. patch: disable default use of DEFAULT_ ZLIB is set in the environment during library ation. pkgs.fedoraproj ect.org/ cgit/openssl. git/plain/ openssl- 1.0.1e- env-zlib. patch
(LP: #1187195)
- CVE-2012-4929
- debian/
zlib to compress SSL/TLS unless the environment variable
OPENSSL_
initializ
- Introduced to assist with programs not yet updated to provide their own
controls on compression, such as Postfix
- http://
-- Seth Arnold <email address hidden> Mon, 03 Jun 2013 18:13:18 -0700