CVE 2016-2183
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
Related bugs and status
CVE-2016-2183 (Candidate) is related to these bugs:
Bug #1593953: EC_KEY_generate_key() causes FIPS self-test failure
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1593953 | EC_KEY_generate_key() causes FIPS self-test failure | openssl (Ubuntu) | Undecided | Fix Released | ||
| 1593953 | EC_KEY_generate_key() causes FIPS self-test failure | openssl (Ubuntu Xenial) | Undecided | Fix Released | ||
Bug #1594748: CRYPTO_set_mem_functions() is broken
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1594748 | CRYPTO_set_mem_functions() is broken | openssl (Ubuntu) | Undecided | Fix Released | ||
| 1594748 | CRYPTO_set_mem_functions() is broken | OpenSSL | Unknown | Invalid | ||
| 1594748 | CRYPTO_set_mem_functions() is broken | openssl (Ubuntu Xenial) | Undecided | Fix Released | ||
Bug #1614210: Remove incomplete fips in openssl in xenial.
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1614210 | Remove incomplete fips in openssl in xenial. | openssl (Ubuntu) | Undecided | Fix Released | ||
| 1614210 | Remove incomplete fips in openssl in xenial. | openssl (Ubuntu Xenial) | Undecided | Fix Released | ||
| 1614210 | Remove incomplete fips in openssl in xenial. | openssl (Ubuntu Yakkety) | Undecided | Fix Released | ||
Bug #1622500: Backported bugfix for CVE-2014-3571 causes regressions for DTLS in Ubuntu 14.04
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1622500 | Backported bugfix for CVE-2014-3571 causes regressions for DTLS in Ubuntu 14.04 | openssl (Ubuntu) | Undecided | Invalid | ||
| 1622500 | Backported bugfix for CVE-2014-3571 causes regressions for DTLS in Ubuntu 14.04 | openssl (Ubuntu Trusty) | Undecided | Fix Released | ||
| 1622500 | Backported bugfix for CVE-2014-3571 causes regressions for DTLS in Ubuntu 14.04 | openssl (Ubuntu Precise) | Undecided | Fix Released | ||
Bug #1811531: remote execution vulnerability
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1811531 | remote execution vulnerability | zeromq3 (Ubuntu) | Undecided | Fix Released | ||
| 1811531 | remote execution vulnerability | zeromq3 (Debian) | Unknown | Fix Released | ||
| 1811531 | remote execution vulnerability | zeromq (Suse) | High | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
