Linux flaw that might be important

Today a Linux flaw was revealed that enables people to take over internet facing systems.
The issue is on almost all linux kernels and has been in existence for over 10 years :sunglasses:
The issue revolves around the CUPS protocol that is enabled by default in a lot of linux systems.

However, there’s a simple fix described here:
https://www.bleepingcomputer.com/news/security/cups-flaws-enable-linux-remote-code-execution-but-theres-a-catch/

I have found it to be active in Raspbian Bookworm and Debian12 systems, Dietpi and Armbian were unaffected.

Trying to make the world a little bit safer :wink:

2 Likes

Basically everyone here is running Raspbian Lite which doesn’t include it i believe.

1 Like

I can’t tell, I don’t run the lite version. Most pi’s here have additional duty’s :innocent::sunglasses:

1 Like

Thanks for that information on CUPS.
In fact, I have occasionally seen print outs where I couldn’t figure the source! Used the fix described in the link. Thanks again.

2 Likes

Does turning off cups-browsing service prevent normal printing from an RPi to a networked printer?

No that should function normally, you just disable the browsing for new printers and the possibility to add printers

1 Like

Now that I’m looking into this more, I noticed that CUPS printing doesn’t work any more! That is, with CUPS version 2.4.2-3+deb12u7 I can’t get printing to work. An older version (2.4.2-3+deb12u5) from about 3-months ago, does work. Anyone else having problems?

Edit to add:
Version 2.4.2-3+deb12u5 from 1 month ago also does not work. Apparently, something happened with a CUPS update from 1 to 3 months ago.

Sorry can’t assist with that, I have it disabled by default :innocent:

Well, truth be told, having CUPS on the RPi is a little nutty for just printing an occasional file from the RPi. I could just scp the file to my desktop machine (Mac) and print it from there. Would only take an extra minute or so.

2 Likes