** Description changed: In the config script of openssh-server, the debconf database is updated with the values that are read from sshd_config. But if I'm not mistaken the yes/no logic is flipped: if [ "$permit_root_login" = yes ]; then - db_set openssh-server/permit-root-login false + db_set openssh-server/permit-root-login false else - db_set openssh-server/permit-root-login true + db_set openssh-server/permit-root-login true fi Discovered this in openssh-server 7.6p1-4ubuntu0.5 on Ubuntu 18.04.5 - LTS. Checked that this still unchcanged in 8.9p1-3 on jammy. + LTS. Checked that this is still unchcanged in 8.9p1-3 on jammy. I marked this a vulnerability as this might lead to unintended flipped settings of permitting root to log in.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1970585 Title: Logic for PermitRootLogin in config script is flipped To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1970585/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
