• ShortN0te
    link
    fedilink
    arrow-up
    14
    ·
    24 days ago

    Wasn’t the CVE fixed in a reasonable time frame? I seriously doubt that the maintainers would have ignored it if it wouldn’t have been discussed so publicly.

    AFAIK, to exploit it, you need network access to CUPS then add the printer and then the client needs to add/select a new printer on the client device and actively print something.

    If CUPS is reachable from the internet, then the system/network is misconfigured anyway, no excuse for ignoring the issue but those systems have other sever issues anyway.