Hi, I am running Ubuntu Server 22.04 and a recent security audit has highlighted that we are vulnerable to CVE-2023-28531, which requires an update of the openssh-server package to version 9.3 or higher. The highest I can go via the Ubuntu repositories is version 8.9p1.
Looking into it a little, the vulnerability seems fairly low severity and doesn't actually affect us as we don't use smart cards for authentication. Nevertheless, we can't pass the audit with the vulnerability still in place. Is it likely that the patch will be backported? Are there alternative repositories available that would allow me to upgrade? I am reluctant to get into compiling the latest version from source as I rather like having automatic security updates and, to my mind, losing that would make us even less secure than leaving the vulnerability unpatched.
Thank you!