Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2023-5616

Publication date 13 December 2023

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

In Ubuntu, gnome-control-center did not properly reflect SSH remote login status when the system was configured to use systemd socket activation for openssh-server. This could unknowingly leave the local machine exposed to remote SSH access contrary to expectation of the user.

From the Ubuntu Security Team

Zygmunt Krynicki discovered that GNOME Settings did not accurately reflect the SSH remote login status when the system was configured to use systemd socket activation for OpenSSH. Remote SSH access may be unknowingly enabled, contrary to expectation.

Read the notes from the security team

Status

Package Ubuntu Release Status
gnome-control-center 24.10 oracular
Fixed 1:45.0-1ubuntu4
24.04 LTS noble
Fixed 1:45.0-1ubuntu4
23.10 mantic
Fixed 1:45.0-1ubuntu3.1
23.04 lunar
Fixed 1:44.0-1ubuntu6.1
22.04 LTS jammy
Fixed 1:41.7-0ubuntu0.22.04.8
20.04 LTS focal
Fixed 1:3.36.5-0ubuntu4.1
18.04 LTS bionic
Needs evaluation
16.04 LTS xenial
Needs evaluation
14.04 LTS trusty Ignored end of standard support

Notes

alexmurray

systemd socket activation is only used by default for openssh-server since Ubuntu 22.10. Earlier releases would only be affected if the local system administrator had manually configured the system to use systemd socket activation. As such this issue is considered low priority on Ubuntu releases before 22.10.

References

Related Ubuntu Security Notices (USN)

    • USN-6554-1
    • GNOME Settings vulnerability
    • 13 December 2023

Other references