I hope this goes without saying but please do not run this on machines you don’t own.
The good news:
- the exploit seems to require user action
The bad news:
-
Device Firewalls are ineffective against this
-
if someone created a malicious printer on a local network like a library they could create serious issues
-
it is hard to patch without breaking printing
-
it is very easy to create printers that look legit
-
even if you don’t hit print the cups user agent can reveal lots of information. This may be blocked at the Firewall
TLDR: you should be careful hitting print
deleted by creator
Any self-respecting distro pushed an update to fix this days ago, so just updating (and restarting cups) will do. But if you don’t print anyway, you might as well disable it.
There is currently no fix available
Edit: I’m mistaken
Not true, Arch and Ubuntu (the ones I personally checked on) already pushed patches that disabled cups browsed by default, removing the service listening on 631.
I mean both Red Hat and Ubuntu did ship updates to change the config of cups-browsed, so I don’t think that’s correct.
Maybe my information is out of date then
What? I got a patch on Arch yesterday.