27 Sep
2024
27 Sep
'24
12:10 p.m.
On Thu, 26 Sep 2024 15:46:13 +1200, Peter Reutemann quoted:
'A critical unauthenticated Remote Code Execution (RCE) vulnerability has been discovered, impacting all GNU/Linux systems.'
It’s a bug in cups-browsed. Details have appeared all over the place, I found a copy here <https://gist.github.com/stong/c8847ef27910ae344a7b5408d9840ee1>. Summary: cups-browsed is listening on UDP port 631 for notifications of new printers appearing on the network; it blindly trusts the information it receives, leading to the code execution vulnerability. If you run CUPS, but don’t need the ability to dynamically discover printers, just get rid of this service for now: systemctl disable --now cups-browsed.service