Hi, On Fri, Sep 27, 2024 at 03:21:21PM +0200, Ralph Aichinger wrote: > oh well, the sensationalism around this is probably overdone > nevertheless.
As far as I understand it, you would need cups-browsed running on an unfirewalled host in which case an attacker could create a bogus printer that executed something as the "lp" user next time a user did a print job. The reporter asked for a score of 9.9 and made a lot of noise about it, and has since got upset that people asked for a reality check on that. Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting
