CVE-2016-2183

Published: 31 August 2016

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

Priority

Low

CVSS 3 base score: 7.5

Status

Package Release Status

gnutls26
Upstream Not vulnerable
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable

gnutls28
Upstream Not vulnerable
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was not-affected)

nss
Upstream Released (3.27)
Ubuntu 18.04 LTS (Bionic Beaver) Released (2:3.28.4-0ubuntu1)
Ubuntu 16.04 ESM (Xenial Xerus) Released (2:3.28.4-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Released (2:3.28.4-0ubuntu0.14.04.1)
Patches:
Upstream: https://hg.mozilla.org/projects/nss/rev/a1b0b7023e19
Upstream: https://hg.mozilla.org/projects/nss/rev/71da21e9d6e9

openjdk-6
Upstream Needs triage
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was released [6b41-1.13.13-0ubuntu0.14.04.1])

openjdk-7
Upstream Needs triage
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was released [7u121-2.6.8-1ubuntu0.14.04.3])

openjdk-8
Upstream Needs triage
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable (8u121-b13-3)
Ubuntu 16.04 ESM (Xenial Xerus) Released (8u121-b13-0ubuntu1.16.04.2)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

openssl
Upstream Needs triage
Ubuntu 18.04 LTS (Bionic Beaver) Released (1.0.2g-1ubuntu9)
Ubuntu 16.04 ESM (Xenial Xerus) Released (1.0.2g-1ubuntu4.4)
Ubuntu 14.04 ESM (Trusty Tahr) Released (1.0.1f-1ubuntu2.20)
Patches:
Upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=0fff5065884d5ac61123a604bbcee30a53c808ff (1.0.2)
Upstream: https://git.openssl.org/?p=openssl.git;a=commit;h=e95f5e03f6f1f8d3f6cbe4b7fa48e57b4cf8fd60 (1.0.1)

openssl098
Upstream Needs triage
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was needs-triage)

Notes

Author Note

mdeslaur
DES ciphers aren't typically selected as there are other stronger ciphers placed earlier in default cipher lists
gnutls puts AES before 3DES in the cipher list
