It was discovered that OpenSSH incorrectly handled signal management. A remote attacker could use this issue to bypass authentication and remotely access systems without proper credentials.
Please upgrade your OpenSSH to the latest version immediately by running:
sudo apt-get update -y
sudo apt-get install --only-upgrade openssh-server -y
sudo apt-get install --only-upgrade openssh-client -y
sudo systemctl restart sshd
Make sure you upgrade to openssh-server - 1:8.9p1-3ubuntu0.10 for Ubuntu 22.04. You can check that by running:
ssh -V
OpenSSH_8.9p1 Ubuntu-3ubuntu0.10
If for whatever reason you cannot update OpenSSH, another option is to set LoginGraceTime to 0 in /etc/ssh/sshd_config. This makes sshd vulnerable to a denial of service (the exhaustion of all MaxStartups connections), but it makes it safe from this vulnerability.
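The two checks above (fixed build installed, or LoginGraceTime 0 in effect) can be scripted as follows. This is an added example, not part of the original advisory: the function names and sample inputs are constructed, and it only recognises the Ubuntu 22.04 8.9p1 banner shown on this page.

```sh
#!/bin/sh
# Added example, not part of the advisory. Function names are hypothetical.
FIXED_REV=10  # from the page: fixed Ubuntu 22.04 build is 8.9p1-3ubuntu0.10

# banner_is_fixed BANNER -> 0 fixed, 1 older build, 2 not the 22.04 8.9p1 build
banner_is_fixed() {
    prefix='OpenSSH_8.9p1 Ubuntu-3ubuntu0.'
    case "$1" in "$prefix"*) ;; *) return 2 ;; esac
    rev=${1#"$prefix"}
    rev=${rev%%[!0-9]*}          # keep leading digits, drop ", OpenSSL ..."
    [ -n "$rev" ] || return 2
    [ "$rev" -ge "$FIXED_REV" ]
}

# effective_grace_time: sshd_config text (or `sshd -T` output) on stdin.
# sshd keeps the first value it reads for a keyword; the default is 120 seconds.
# Assumption: Include files are not followed; `sshd -T` resolves them on a host.
effective_grace_time() {
    awk 'tolower($1) == "logingracetime" { print $2; found = 1; exit }
         END { if (!found) print 120 }'
}

# verdict BANNER CONFIG -> patched | mitigated | unpatched | unknown
verdict() {
    rc=0; banner_is_fixed "$1" || rc=$?
    if [ "$rc" -eq 0 ]; then echo patched; return 0; fi
    grace=$(printf '%s\n' "$2" | effective_grace_time)
    # "mitigated" still carries the MaxStartups denial-of-service trade-off.
    if [ "$grace" = 0 ]; then echo mitigated; return 0; fi
    if [ "$rc" -eq 1 ]; then echo unpatched; else echo unknown; fi
}

# Constructed sample inputs (not captured from a real host).
SAMPLE_OLD='OpenSSH_8.9p1 Ubuntu-3ubuntu0.7, OpenSSL 3.0.2 15 Mar 2022'
SAMPLE_CFG='# LoginGraceTime 2m
LoginGraceTime 0
LoginGraceTime 30'
verdict "$SAMPLE_OLD" "$SAMPLE_CFG"

# On a live host (ssh -V writes to stderr; sshd -T needs root):
#   verdict "$(ssh -V 2>&1)" "$(sudo sshd -T)"
```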
More details about this vulnerability can be found here:
Stay secure and thank you! 🙏