LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

qt: CRIME attacks

Package(s):qt CVE #(s):
Created:October 15, 2012 Updated:October 17, 2012
Description: From the qt advisory:

A security vulnerability has been discovered in the SSL/TLS protocol, which affects connections using compression.

All versions of TLS are believed to be affected. To address this, Qt will disable TLS compression by default.

If the attacker can insert data into the SSL connection, then by looking at the length of the compressed data it is possible to determine if the inserted data matches secret data or not.

Alerts:
Fedora FEDORA-2012-15194 2012-10-13
Fedora FEDORA-2012-15203 2012-10-17
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds