[USN-6554-1] GNOME Settings vulnerability

Alex Murray alex.murray at canonical.com
Wed Dec 13 03:43:51 UTC 2023


==========================================================================
Ubuntu Security Notice USN-6554-1
December 13, 2023

gnome-control-center vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 23.04
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

GNOME Settings could allow unintended access to network services.

Software Description:
- gnome-control-center: utilities to configure the GNOME desktop

Details:

Zygmunt Krynicki discovered that GNOME Settings did not accurately reflect
the SSH remote login status when the system was configured to use systemd
socket activation for OpenSSH. Remote SSH access may be unknowingly
enabled, contrary to expectation.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
  gnome-control-center            1:45.0-1ubuntu3.1

Ubuntu 23.04:
  gnome-control-center            1:44.0-1ubuntu6.1

Ubuntu 22.04 LTS:
  gnome-control-center            1:41.7-0ubuntu0.22.04.8

Ubuntu 20.04 LTS:
  gnome-control-center            1:3.36.5-0ubuntu4.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6554-1
  CVE-2023-5616

Package Information:
  https://launchpad.net/ubuntu/+source/gnome-control-center/1:45.0-1ubuntu3.1
  https://launchpad.net/ubuntu/+source/gnome-control-center/1:44.0-1ubuntu6.1
  https://launchpad.net/ubuntu/+source/gnome-control-center/1:41.7-0ubuntu0.22.04.8
  https://launchpad.net/ubuntu/+source/gnome-control-center/1:3.36.5-0ubuntu4.1

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 524 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20231213/903d3ae8/attachment-0001.sig>


More information about the ubuntu-security-announce mailing list