Bug 1199751 - (CVE-2022-1736) VUL-0: CVE-2022-1736: gnome-control-center: GNOME Settings could allow unintended access to network services.
(CVE-2022-1736)
VUL-0: CVE-2022-1736: gnome-control-center: GNOME Settings could allow uninte...
Status: NEW
Classification: openSUSE
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Security
Current
Other Other
: P3 - Medium : Normal (vote)
: ---
Assigned To: openSUSE GNOME
E-mail List
https://smash.suse.de/issue/332426/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2022-05-20 09:07 UTC by Carlos López
Modified: 2022-05-20 09:15 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Carlos López 2022-05-20 09:07:10 UTC
rh#2088691

It was discovered that GNOME Settings incorrectly handled the remote desktop sharing configuration. When turning off desktop sharing, it may be
turned on again after rebooting, contrary to expectations.

References:
  https://ubuntu.com/security/notices/USN-5430-1
  https://launchpad.net/ubuntu/+source/gnome-control-center/1:41.4-1ubuntu13.2

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2088691
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1736
Comment 1 Carlos López 2022-05-20 09:09:26 UTC
None of our SLE codestreams contain the RDP code, so only openSUSE:Factory is affected. Also, looking at the upstream discussion [0], this might only be relevant for Debian/Ubuntu.

[0] https://gitlab.gnome.org/GNOME/gnome-control-center/-/issues/1825