Linux

5081 readers

68 users here now

A community for everything relating to the linux operating system

Also check out !linux_memes@programming.dev

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 1 year ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

The CUPS explout is here: GitHub - RickdeJager/cupshax (github.com)

submitted 2 weeks ago by Blaze@lemmy.zip to c/linux@programming.dev

6 comments fedilink hide all child comments

cross-posted from: https://lemmy.zip/post/23601247

I hope this goes without saying but please do not run this on machines you don't own.

The good news:

the exploit seems to require user action

The bad news:

Device Firewalls are ineffective against this

if someone created a malicious printer on a local network like a library they could create serious issues

it is hard to patch without breaking printing

it is very easy to create printers that look legit

even if you don't hit print the cups user agent can reveal lots of information. This may be blocked at the Firewall

TLDR: you should be careful hitting print

you are viewing a single comment's thread
view the rest of the comments

[–] Vivendi@lemmy.zip 13 points 2 weeks ago

If there is ONE project that needs a rewrite in modern C++ OR Rust (or some other 'safe' language) it's FUCKING CUPS

Please, Rust fanatics, do ONE good instead of rewriting GPL programs into a corpo-rat license