Email or username:

Password:

Forgot your password?
Björkus "No time_t to Die" Dorkus

It's very cute how everyone's like "THIS DOESN'T AFFECT LINUX SERVERS, WHAT A NOTHING BURGER"

And then half of those same people turn around and go "THIS IS THE YEAR OF LINUX ON DESKTOP!!"

Yeah? You sure about that?

Love to have a community with a rampant, raging disregard for users try to at the same time turn around and court said users. Really makes you feel good about The Year of Linux on Desktop.

I'm not sure there's anything Apple/Microsoft could do to lose with enemies like these.

1 comment
Hector Martin

@thephd To be fair as far as I can tell Fedora doesn't even ship with cups-browsed enabled by default, nor the firewall hole to allow it inbound UDP.

And then the whole thing is remote code execution... as the lp user. Which on any reasonably configured system shouldn't be able to do things like read your home directory.

And you need to actually print to the printer to trigger it.

If it doesn't affect servers, and it only affects some desktop distros, and it needs user action (and a user action that isn't that common these days), and it's highly unlikely to be triggerable remotely for most desktop systems (firewalled or NATed) so you need LAN access, and at the end of the day it's only code execution as a limited privileges system user... then yeah, it pretty much qualifies as a nothingburger.

Distros will patch this, desktop users will update their system (happens a lot more consistently than servers), and life will move on with most likely zero exploited users.

@thephd To be fair as far as I can tell Fedora doesn't even ship with cups-browsed enabled by default, nor the firewall hole to allow it inbound UDP.

And then the whole thing is remote code execution... as the lp user. Which on any reasonably configured system shouldn't be able to do things like read your home directory.

Go Up