Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2023-5616

Published: 13 December 2023

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.

From the Ubuntu Security Team

Zygmunt Krynicki discovered that GNOME Settings did not accurately reflect the SSH remote login status when the system was configured to use systemd socket activation for OpenSSH. Remote SSH access may be unknowingly enabled, contrary to expectation.

Notes

AuthorNote
alexmurray
systemd socket activation is only used by default for
openssh-server since Ubuntu 22.10. Earlier releases would only be affected
if the local system administrator had manually configured the system to
use systemd socket activation. As such this issue is considered low priority
on Ubuntu releases before 22.10.

Priority

Medium

Status

Package Release Status
gnome-control-center
Launchpad, Ubuntu, Debian
trusty Ignored
(end of standard support)
xenial Needs triage

bionic Needs triage

focal
Released (1:3.36.5-0ubuntu4.1)
jammy
Released (1:41.7-0ubuntu0.22.04.8)
lunar
Released (1:44.0-1ubuntu6.1)
mantic
Released (1:45.0-1ubuntu3.1)
upstream Needs triage