
Linux Vulnerability Announced, Details Kept Secret

Posted: Wed Sep 25, 2024 11:02 pm
by Mauser
Lunduke video on Severe (9.9 / 10) Linux Vulnerability Announced, Details Kept Secret. :eek: Hopefully this is not real. :hmm: https://www.youtube.com/watch?v=8PbTZaWFzf8

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Thu Sep 26, 2024 12:05 am
by figueroa

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Thu Sep 26, 2024 1:52 am
by Eadwine Rose
Did they finally find the one responsible for all the PEBKAC issues?

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Thu Sep 26, 2024 7:31 am
by j2mcgreg
The boy who cried wolf has more credibility than Bryan Lunduke.

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Thu Sep 26, 2024 8:07 am
by siamhie
Eadwine Rose wrote: Thu Sep 26, 2024 1:52 am Did they finally find the one responsible for all the PEBKAC issues?
:rofl:

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Thu Sep 26, 2024 9:48 am
by siamhie
Here is the tweet that started it all.

https://threadreaderapp.com/thread/1838 ... 35132.html


Since this threat hasn't been assigned an actual rating yet and they (all involved) have led to an agreed timeline for disclosure
  • September 30: Initial disclosure to the Openwall security mailing list.
  • October 6: Full public disclosure of the vulnerability details

Simone posted this tweet (now locked) on Sep 23rd but the initial disclosure (mailing list) will be on the 30th with a public disclosure on Oct 6th but this threat was disclosed (from him) 3 weeks ago (so beginning of Sep?).

Remember that apparently this flaw has been around for 10 years and we don't even know what is affected? Could this also affect *BSD systems (CUPS is thrown around in the comments on Slashdot)?


and quoting the last line from the tweet
And YES: I LOVE hyping the sh1t out of this stuff because apparently sensationalism is the only language that forces these people to fix.
I wonder just how severe this really is...hmm? 🤔

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Thu Sep 26, 2024 12:56 pm
by DukeComposed
Eadwine Rose wrote: Thu Sep 26, 2024 1:52 am Did they finally find the one responsible for all the PEBKAC issues?
Alan Cox hasn't been involved in the project in years.
j2mcgreg wrote: Thu Sep 26, 2024 7:31 am The boy who cried wolf has more credibility than Bryan Lunduke.
Bryan Lund, aka "Lunduke" has never been much of a journalist. He is at best a salesman whose career started as an Apple fanboy pushing software for Mac written in BASIC, pivoted to Linux "journalism" with Chris Fisher, and has now descended into the aberrant far-right political extremism of pushing a narrative that SUSE thinks 50% of its users should die because of a single anti-hate remark a SUSE employee made on a SUSE subreddit during Pride month. While I imagine that Lund has always been conservative, he has in the last few years become more extremist and reactionary than he's ever been in the past and his most recent "Linux Sucks" yearly address in which he spends a good chunk of it deliberately misinterpreting the SUSE comment is a clear example of how extreme he's gotten. His idea of Linux journalism is more tenuous and biased than ever before, and we're talking about the same man who once had a meltdown while conducting an interview with Richard M. Stallman.

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Thu Sep 26, 2024 1:27 pm
by Eadwine Rose
DukeComposed wrote: Thu Sep 26, 2024 12:56 pm
Eadwine Rose wrote: Thu Sep 26, 2024 1:52 am Did they finally find the one responsible for all the PEBKAC issues?
Alan Cox hasn't been involved in the project in years.
Who?


To be honest, I don't care about this sort of stuff on who did what and when. You use the computer, you are responsible.

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Thu Sep 26, 2024 2:01 pm
by FullScale4Me
Mauser wrote: Wed Sep 25, 2024 11:02 pm Lunduke video on Severe (9.9 / 10) Linux Vulnerability Announced, Details Kept Secret. :eek: Hopefully this is not real. :hmm: https://www.youtube.com/watch?v=8PbTZaWFzf8
When I clicked the link and saw I was NOT subscribed even though the creator had a huge following, a quote sometimes attributed to Ringo Starr came to mind - "...Nothing here to see, move along..."

Re: Linux Vulnerability Announced, Details Kept Secret  [Solved]

Posted: Thu Sep 26, 2024 7:04 pm
by siamhie
siamhie wrote: Thu Sep 26, 2024 9:48 am Remember that apparently this flaw has been around for 10 years and we don't even know what is affected? Could this also affect *BSD systems (CUPS is thrown around in the comments on Slashdot)?

Whoever made that comment on Slashdot nailed it. He (Bryan) has an updated video out now and it is a CUPS based exploit.

The "9.9" Linux Vulnerability Revealed: It's The Printers

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Thu Sep 26, 2024 7:21 pm
by siamhie
If you don't want to waste 24 minutes of your time watching his video then head over here to read what he is reading verbatim.

Attacking UNIX Systems via CUPS, Part I

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Thu Sep 26, 2024 8:35 pm
by CharlesV

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Thu Sep 26, 2024 10:07 pm
by kernelkurtz
he has in the last few years become more extremist and reactionary than he's ever been in the past

This gets said by more and more people, about more and more people.

I will just point out that there is a valid alternative explanation. Which is that people don't change all that much, but the culture has shifted dramatically to 'the center' under their feet, leaving them looking extremist for views they've always held and the actions they take as a result. I believe it happened to Mr. Snowden.

To keep things almost back on topic, I contribute this:

https://en.wikipedia.org/wiki/Alan_Cox_ ... rogrammer)

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Fri Sep 27, 2024 12:09 am
by DukeComposed
kernelkurtz wrote: Thu Sep 26, 2024 10:07 pm he has in the last few years become more extremist and reactionary than he's ever been in the past

This gets said by more and more people, about more and more people.

I will just point out that there is a valid alternative explanation. Which is that people don't change all that much, but the culture has shifted dramatically to 'the center' under their feet, leaving them looking extremist for views they've always held and the actions they take as a result.
That theory asserts that the Overton window is shifting to the center. If this were true, emerging social and fiscal policies should be moderate right about now and there's ample evidence to suggest that's not the case.

In this specific situation, the BLM and antifa movements in the U. S. in 2020 hit Bryan Lund close to home, literally and figuratively, and it's some people's opinion that this spooked him enough to make him start doubling down on his political stance to the point that he is largely unable or unwilling to keep it separate from his tech reporting. This thread reminded me of the video "Linux Sucks" Sucks, which I revisited tonight.

It reminded me of Bryan Lund's original "I have a politics website and a tech website, let's keep them separate" post and how readily he ignores this directive. My point remains: what he considers journalism shouldn't be mistaken for actual journalism and people need to be very, very careful when consuming his content. He has an agenda, more so than most.

To that end, let me amend my statement from "he has in the last few years become more extremist and reactionary than he's ever been in the past" to "he has in the last few years become more open and brazen about his extremist and reactionary opinions and conspiracy theories that he has probably always had".

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Fri Sep 27, 2024 5:40 am
by MikeR
It looks like a patch is available, at least for Ubuntu and derivatives (Mint...): https://ubuntu.com/security/notices/USN-7043-1

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Sat Sep 28, 2024 4:16 am
by mxrd
So to speak, as first aid, would it be sufficient in a first step to completely deinstall cups and close port 631?
(I deinstalled cups for testing, in a VM and on bare metal, and on the latter closed 631, and no negative effect until now.)

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Sat Sep 28, 2024 5:10 am
by Eadwine Rose
Still able to print in all ways?

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Sat Sep 28, 2024 6:39 am
by mxrd
Eadwine Rose wrote: Sat Sep 28, 2024 5:10 am Still able to print in all ways?
sorry, of course to consider,
if one has installed a printer urgently needed of course not to do it this way, or carefully
ponder about this method

but I don't need printing this way; because of the special demands of the printer type I didn't get it to work, so I print
(so seldom that I really need it) with the parallel installed ifjdoiawng- OS (don't want to mention it in this forum :p )

And, oc all imho: considering the security under these circumstances it looks to me to be worth doing it this way,
base installing of cups looks easy with synaptic, so when the vulnerability situation alleviates it looks like
installing again is a breeze?!?

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Sat Sep 28, 2024 6:53 am
by dreamer
The severe vulnerability 9.9/10 doesn’t impact basic printing and scanning.

The easiest solution is to uninstall the cups-browsed package. I always do this on my personal snapshots. It doesn’t affect printing or scanning. If you don’t want to uninstall the cups-browsed package you can disable the service while you wait for patches to be delivered.

Red Hat has a good write-up:
https://www.redhat.com/en/blog/red-hat- ... rabilities

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Sat Sep 28, 2024 7:23 am
by AK-47
Eadwine Rose wrote: Thu Sep 26, 2024 1:27 pm To be honest, I don't care about this sort of stuff on who did what and when. You use the computer, you are responsible.
Speaking as a dev, if only modern day computers and software were still that simple...

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Sun Sep 29, 2024 1:41 pm
by mxethernut
Thank you MX/Debian for getting updates out quickly!

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Sun Sep 29, 2024 2:48 pm
by richb

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Sun Sep 29, 2024 2:49 pm
by Eadwine Rose
I SO hit on those like a boss. :cool:

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Sun Sep 29, 2024 3:13 pm
by mxethernut
Details Kept Secret

Hm details were disclosed, but above my knowledge!

https://youtu.be/lXljErWpcRQ?t=68

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Sun Sep 29, 2024 4:50 pm
by uncle mark
So all the Linux installs around the world aren't going to get pwnd any time soon?

Re: Linux Vulnerability Announced, Details Not Kept Secret

Posted: Sun Sep 29, 2024 5:41 pm
by karlchen
Hi, folks.

Although the thread title told otherwise, the details about the CUPS vulnerabilities have been publicly available since September 26th e.g. in several written articles on several webpages.
Anyway.
The most important detail is: the Debian CUPS patches are being distributed by the MX Updater by now. :happy:

Received them on my MX 21.3 only a few minutes ago.

Code:

cups (2.3.3op2-3+deb11u9) bullseye-security; urgency=medium

  * CVE-2024-47175
    Fix CVE and upstream also added some extra hardening to patch
    - validate URIs, attribute names, and capabilities
      in cups/ppd-cache.c, scheduler/ipp.c
    - sanitize make and model in cups/ppd-cache.c
    - PPDize preset and template names in cups/ppd-cache.c
    - quote PPD localized strings in  cups/ppd-cache.c
    - fix warnings in cups/ppd-cache.c

 -- Thorsten Alteholz <debian@alteholz.de>  Thu, 26 Sep 2024 23:45:05 +0200

Code:

cups-filters (1.28.7-1+deb11u3) bullseye-security; urgency=high

  * CVE-2024-47076 (Closes: #1082827)
    cfGetPrinterAttributes5(): Validate response attributes before return
  * CVE-2024-47176 (Closes: #1082820)
    Default BrowseRemoteProtocols should not include "cups" protocol

 -- Thorsten Alteholz <debian@alteholz.de>  Thu, 26 Sep 2024 23:45:05 +0200
Karl

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Sun Sep 29, 2024 6:25 pm
by entropyfoe
karlchen wrote
The most important detail is: the Debian CUPS patches are being distributed by the MX Updater by now. :happy:
Received them on my MX 21.3 only a few minutes ago.
Thanks to the dev and packaging team, and upstream at Debian.

Thanks for the swift action.
:cool:

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Sun Sep 29, 2024 6:35 pm
by GuiGuy
:number1:

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Sun Sep 29, 2024 7:30 pm
by Stevo
entropyfoe wrote: Sun Sep 29, 2024 6:25 pm karlchen wrote
The most important detail is: the Debian CUPS patches are being distributed by the MX Updater by now. :happy:
Received them on my MX 21.3 only a few minutes ago.
Thanks to the dev and packaging team, and upstream at Debian.

Thanks for the swift action.
:cool:
All credit goes to Debian for this response, we devs just stand by and cheer them on for these fixes. :yay: :yay: :yay:

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Mon Sep 30, 2024 12:41 am
by LinuxSpring1
CharlesV wrote: Thu Sep 26, 2024 8:35 pm Another short read on the issue
https://www.phoronix.com/news/Linux-CVSS-9.9-Rating
The temporary fix for this as mentioned in the link is to
This remote code execution issue can be exploited across the public Internet via a UDP packet to port 631 without needing any authentication, assuming the CUPS port is open through your router/firewall. LAN attacks are also possible via spoofing zeroconf / mDNS / DNS-SD advertisements.

Besides CUPS being used on Linux distributions, it also affects some BSDs, Oracle Solaris, Google Chrome OS, and others.

As of writing there is no Linux fix available for this high profile security issue. In the meantime it's recommended to disable and remove the "cups-browsed" service, updating CUPS, or at least blocking all traffic to UDP port 631.
So till a fix is made available does the UDP port 631 need to be blocked? And/Or should the cups-browsed service be disabled? It is enabled by default on KDE MX Linux 23.3 having Debian 12.7.

dreamer wrote: Sat Sep 28, 2024 6:53 am The severe vulnerability 9.9/10 doesn’t impact basic printing and scanning.

The easiest solution is to uninstall the cups-browsed package. I always do this on my personal snapshots. It doesn’t affect printing or scanning. If you don’t want to uninstall the cups-browsed package you can disable the service while you wait for patches to be delivered.

Red Hat has a good write-up:
https://www.redhat.com/en/blog/red-hat- ... rabilities
Actually @dreamer that might not be correct. From the article that is linked
Mitigation of these vulnerabilities is as simple as running two commands, especially in any environment where printing is not needed.
So if the service cups-browsed is disabled or the package is uninstalled then will not the printing and scanning be impacted? Because the RedHat article refers to the case where printing is not needed. Many of us are using Desktops and there printing and scanning is required.

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Mon Sep 30, 2024 12:50 am
by CharlesV
It looked like the fixes that were posted resolved 3 of the 4 issues ?

If your machine is not in a hostile environment, and you have a firewall between you and the internet (ie your machine ip is not exposed TO the internet)... then there is little chance there will be an issue.

But, yes, it looks like blocking UDP port 631 will be the best stop for this.

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Mon Sep 30, 2024 4:10 am
by operadude
But, yes, it looks like blocking UDP port 631 will be the best stop for this.
@CharlesV Silly(?) Question:

I am not (to the best of my knowledge) in a hostile environment, and I occasionally use port 631 (localhost) to login, via my password-protected router, into "CUPS", so as to maintain and/or change my printers (drivers, names, etc), that are all (Network) shared on my Local Network (router).

Given all of the previous comments, should I NOT be using port 631?

I do not know of any other way to login to CUPS.

Oh...I'm not sure if I'm using UDP, or some other protocol. I guess I'm using whatever the defaults are for all MX distros (KDE, Fluxbox, Xfce)-- I use all of them.

Awaiting precious explication...

:crossfingers:

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Mon Sep 30, 2024 5:18 am
by mxethernut
@operadude: Looks like you do not want to disable the systemd cups-browsed service because you need your printers:
joekamprad @EOS forum wrote:

Code:

systemctl status cups-browsed 
to check if you have it enabled

Code:

sudo systemctl disable --now cups-browsed
to stop/disable.
Is it

Code:

status cups-browsed.service
and

Code:

sudo disable cups-browsed.service
on Sysvinit? (Not using it b/c of sound issues)


Do you have ufw/gufw installed and running as a service? You can close port 631 with this firewall. It will protect this and all other ports by default.

ufw deny 631/tcp >> Please check https://docs.e2enetworks.com/guides/ufw.html, this is for systemd however.

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Mon Sep 30, 2024 5:50 am
by karlchen
Hello, LinuxSpring1.
LinuxSpring1 wrote: Mon Sep 30, 2024 12:41 am So if the service cups-browsed is disabled or the package is uninstalled then will not the printing and scanning be impacted? Because the RedHat article refers to the case where printing is not needed. Many of us are using Desktops and there printing and scanning is required.
The answer to this question is: well, it depends.

In case your network MFP printer has been added to your system through cups-browsed only, then switching off cups-browsed will indeed make the device disappear from the system again. So, the answer in this case would be: yes.

In case, however, your network MFP device has been set up manually e.g. through HPLIP like my HP Color Laserjet Pro MFP M277dw, then during this setup the MFP's IP address has been added to the relevant configuration files. As a consequence the system will not depend on cups-browsed in order to connect to the MFP. Printing and scanning will work without cups-browsed.

Note:
HPLIP is only used for HP printers and scanners. For printers of other producers you will have to install their appropriate driver software instead.

Hope my explanation was not too confusing.

Karl

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Mon Sep 30, 2024 5:59 am
by karlchen
Hello, mxethernut.
mxethernut wrote: Mon Sep 30, 2024 5:18 am Do you have ufw/gufw installed and running as a service? You can close port 631 with this firewall.

Code:

ufw deny 631/tcp
Closing TCP port 631 is closing the CUPS port. I suspect this will prevent you from printing completely.

In order to prevent connecting to cups-browsed from outside you have to close UDP port 631.

In the most simple scenario you simply switch on ufw by executing

Code:

sudo ufw enable
This will tell the MX software firewall to reject any incoming connection requests, including UDP port 631.

Karl
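
Added example, not part of any post in this thread: a POSIX shell audit of the two things the replies above distinguish, the UDP 631 listener opened by cups-browsed (as opposed to the TCP 631 CUPS port) and the "cups" entry in BrowseRemoteProtocols named in the Debian changelog. The function names and the sample `ss` and config lines are constructed for the example; the `--live` branch assumes `ss`, `pgrep` and `/etc/cups/cups-browsed.conf` are present, and does not depend on systemd.

```shell
#!/bin/sh
# Added example (not from any post): audit a host for the cups-browsed exposure.
# Sample data is constructed; function names are this example's own.

# Print the local address of every UDP socket bound to port 631.
# stdin: lines from `ss -H -lun`. The first field ending in :<digits> is the
# local address; the peer column ends in :* and never matches.
udp631_listeners() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /:[0-9]+$/) {
                if ($i ~ /:631$/) print $i
                break
            }
    }'
}

# Classify listener addresses read from stdin (one per line):
#   none     - nothing bound to UDP 631
#   loopback - bound only to 127.0.0.0/8 or ::1
#   exposed  - bound to a wildcard or a routable address
udp631_exposure() {
    result=none
    while IFS= read -r addr; do
        case "$addr" in
            "") ;;
            127.*:631|"[::1]:631")
                if [ "$result" = none ]; then result=loopback; fi ;;
            *) result=exposed ;;
        esac
    done
    echo "$result"
}

# Read a cups-browsed.conf on stdin and report legacy CUPS browsing of remote
# printers: yes (any active directive lists "cups"), no (directives present,
# none lists it), default (no directive, so the package's built-in default
# applies; the patched cups-filters drops "cups" from that default).
remote_cups_browsing() {
    awk '
        $1 ~ /^#/ { next }
        tolower($1) == "browseremoteprotocols" || tolower($1) == "browseprotocols" {
            if (state != "yes") state = "no"
            for (i = 2; i <= NF; i++) if (tolower($i) == "cups") state = "yes"
        }
        END { if (state == "") state = "default"; print state }
    '
}

# Turn both findings into one actionable line. $1 = exposure, $2 = browsing.
verdict() {
    case "$1/$2" in
        none/*)     echo "ok: nothing listens on UDP 631" ;;
        loopback/*) echo "ok: UDP 631 is bound to loopback only" ;;
        exposed/no) echo "review: UDP 631 is reachable although CUPS browsing is off" ;;
        *)          echo "act: UDP 631 is reachable; update, disable cups-browsed or block 631/udp" ;;
    esac
}

sample_ss() {    # constructed `ss -H -lun` output
    cat <<'EOF'
UNCONN 0 0 0.0.0.0:5353 0.0.0.0:*
UNCONN 0 0 0.0.0.0:631 0.0.0.0:*
UNCONN 0 0 [::]:5353 [::]:*
EOF
}

sample_conf() {  # constructed cups-browsed.conf fragment
    cat <<'EOF'
# BrowseRemoteProtocols dnssd cups
BrowseRemoteProtocols dnssd
EOF
}

if [ "${1:-}" = "--live" ]; then
    conf=/etc/cups/cups-browsed.conf
    exposure=$(ss -H -lun | udp631_listeners | udp631_exposure)
    if [ -r "$conf" ]; then
        browsing=$(remote_cups_browsing < "$conf")
    else
        browsing=default   # no readable config: built-in default applies
    fi
    # pgrep answers "is it running" without asking the init system
    if pgrep -x cups-browsed >/dev/null; then echo "cups-browsed is running"; fi
    verdict "$exposure" "$browsing"
else
    verdict "$(sample_ss | udp631_listeners | udp631_exposure)" \
            "$(sample_conf | remote_cups_browsing)"
fi
```

Run without arguments it evaluates the constructed sample; run with `--live` it inspects the current host.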

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Mon Sep 30, 2024 7:44 am
by operadude
mxethernut wrote: Mon Sep 30, 2024 5:18 am @operadude: Looks like you do not want to disable the systemd cups-browsed service because you need your printers:
joekamprad @EOS forum wrote:

Code:

systemctl status cups-browsed 
to check if you have it enabled

Code:

sudo systemctl disable --now cups-browsed
to stop/disable.
Is it

Code:

status cups-browsed.service
and

Code:

sudo disable cups-browsed.service
on Sysvinit? (Not using it b/c of sound issues)


Do you have ufw/gufw installed and running as a service? You can close port 631 with this firewall. It will protect this and all other ports by default.

ufw deny 631/tcp >> Please check https://docs.e2enetworks.com/guides/ufw.html, this is for systemd however.
Yeah, I am not changing anything until I hear that I really should!

Thanks for the command snippets, but I am using sysVinit, and thus no "systemctl":

Code:

$ systemctl status cups-browsed
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
And:

Code:

$ systemctl status cups-browsed.service
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
Good to Know:
Do you have ufw/gufw installed and running as a service? You can close port 631 with this firewall. It will protect this and all other ports by default.
My ufw status:

Code:

$ sudo ufw status
[sudo] password for opera-dude:            
Status: active
Assuming for now that I'm OK.

:cool:

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Mon Sep 30, 2024 7:50 am
by operadude
karlchen wrote: Mon Sep 30, 2024 5:59 am Hello, mxethernut.
mxethernut wrote: Mon Sep 30, 2024 5:18 am Do you have ufw/gufw installed and running as a service? You can close port 631 with this firewall.

Code:

ufw deny 631/tcp
Closing TCP port 631 is closing the CUPS port. I suspect this will prevent you from printing completely.

In order to prevent connecting to cups-browsed from outside you have to close UDP port 631.

In the most simple scenario you simply switch on ufw by executing

Code:

sudo ufw enable
This will tell the MX software firewall to reject any incoming connection requests, including UDP port 631.

Karl
:number1:

Feeling better that I have "ufw" enabled (I think it's the default now) :exclamation:

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Mon Sep 30, 2024 9:34 am
by aika
mxethernut wrote: Sun Sep 29, 2024 1:41 pm Thank you MX/Debian for getting updates out quickly!

Code:

Start-Date: 2024-09-30  01:10:34
Commandline: apt dist-upgrade
Requested-By: aika (1000)
Upgrade: libcups2:amd64 (2.3.3op2-3+deb11u8, 2.3.3op2-3+deb11u9), cups-filters:amd64 (1.28.7-1+deb11u2, 1.28.7-1+deb11u3), cups-bsd:amd64 (2.3.3op2-3+deb11u8, 2.3.3op2-3+deb11u9), cups-common:amd64 (2.3.3op2-3+deb11u8, 2.3.3op2-3+deb11u9), cups-client:amd64 (2.3.3op2-3+deb11u8, 2.3.3op2-3+deb11u9), cups-ppdc:amd64 (2.3.3op2-3+deb11u8, 2.3.3op2-3+deb11u9), cups-daemon:amd64 (2.3.3op2-3+deb11u8, 2.3.3op2-3+deb11u9), libfontembed1:amd64 (1.28.7-1+deb11u2, 1.28.7-1+deb11u3), cups-filters-core-drivers:amd64 (1.28.7-1+deb11u2, 1.28.7-1+deb11u3), cups-ipp-utils:amd64 (2.3.3op2-3+deb11u8, 2.3.3op2-3+deb11u9), cups-browsed:amd64 (1.28.7-1+deb11u2, 1.28.7-1+deb11u3), cups-core-drivers:amd64 (2.3.3op2-3+deb11u8, 2.3.3op2-3+deb11u9), cups:amd64 (2.3.3op2-3+deb11u8, 2.3.3op2-3+deb11u9), cups-server-common:amd64 (2.3.3op2-3+deb11u8, 2.3.3op2-3+deb11u9), libcupsfilters1:amd64 (1.28.7-1+deb11u2, 1.28.7-1+deb11u3)
End-Date: 2024-09-30  01:11:20


My firewall was activated beforehand anyway:

Code:

sudo ufw status verbose
[sudo] Passwort für aika: 
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
5060/udp                   ALLOW IN    Anywhere                  
1720/tcp                   ALLOW IN    Anywhere                  
39275/udp                  ALLOW IN    Anywhere
...

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Mon Sep 30, 2024 10:18 am
by mxethernut
:number1:

Feeling better that I have "ufw" enabled (I think it's the default now) :exclamation:
Unsure, it might be. Is it?

I remember Manjaro had it off by default

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Mon Sep 30, 2024 10:22 am
by mxethernut
operadude wrote: Mon Sep 30, 2024 7:44 am
Thanks for the command snippets, but I am using sysVinit, and thus no "systemctl":


Assuming for now that I'm OK.

:cool:
Yes you probably are.

Can you try:

Code:

status cups-browsed
or

Code:

status cups-browsed.service

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Mon Sep 30, 2024 10:51 am
by CharlesV
operadude wrote: Mon Sep 30, 2024 4:10 am
But, yes, it looks like blocking UDP port 631 will be the best stop for this.
@CharlesV Silly(?) Question:

I am not (to the best of my knowledge) in a hostile environment, and I occasionally use port 631 (localhost) to login, via my password-protected router, into "CUPS", so as to maintain and/or change my printers (drivers, names, etc), that are all (Network) shared on my Local Network (router).

Given all of the previous comments, should I NOT be using port 631?

I do not know of any other way to login to CUPS.

Oh...I'm not sure if I'm using UDP, or some other protocol. I guess I'm using whatever the defaults are for all MX distros (KDE, Fluxbox, Xfce)-- I use all of them.

Awaiting precious explication...

:crossfingers:
Closing port 631 in your firewall will NOT stop you from loading cups on http://localhost:631. You can still get to the interface and run CUPS.

It WILL prevent anyone else from coming into cups from a machine on your network. AND if your printer is shared on the network, it *will* stop anyone from printing to your printer ***IF*** you're using the 631 port (IPP printers).

But closing port 631 will NOT stop YOU from printing to your local printer. It also will NOT stop you from printing to a shared printer ON your network.

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Mon Sep 30, 2024 11:06 am
by CharlesV
There is a lot of incorrect information running on this topic, so let's get some cleared up!

First, there are 3 scenarios that your computer will be running:
a) Your computer is INSIDE on a private network. (ie you have a firewall and router that takes you to the internet and prevents anyone from coming in. You have a private IP, and you do NOT have any hostile machines (or potentially hostile machines) in your network.) This is most home networking - 99.99% of the time, something like this CUPS issue will NOT be a problem.

b) Your computer is inside a private network, but there are hostile (or potentially hostile) computers also in it. An example of this: Wifi at hotel, food court, coffee house, etc etc. Or, a friend's house where they have computers that *might* be hacked. This is the place you want your firewall up and port 631 denied. (Which by default unless you have shared your printer... 631 IS denied already.)

c) Your computer is 'on the internet'. And what this means is that YOUR computer has an external IP directly onto the internet. (You can check your IP using the ifconfig command in a terminal.) You should always have a firewall on and be VERY careful with this one!

If you're unsure if you have a private IP or are on the internet ... read this:
https://www.geeksforgeeks.org/differenc ... addresses/

Now, having said ALL that... If you're running MX23, then your firewall should be on by default. (Double check that!) AND, by default, access to your machine is denied, including port 631 - UNLESS you have shared your printer. (And on the machines I checked, just sharing your printer did NOT mean that port 631 was opened up!! I had to open it to get an IPP printer working.)

*** IF YOU DISABLE THE CUPS SERVICE *** then yes, you WILL break your printing - unless your printing is NOT using cups.

Updates just came in yesterday for MX21 & MX23 that resolved this printing issue. There is still one remaining issue of the four that needs to be resolved still.

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Mon Sep 30, 2024 1:07 pm
by operadude
@CharlesV

:number1:

I wholeheartedly accept, as per usual, your thorough explications (note the plural) :exclamation:

:cool:

Post Script: I will not be closing port 631 on my home machine.

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Tue Oct 01, 2024 2:11 pm
by dreamer
karlchen wrote: Mon Sep 30, 2024 5:50 am Hello, LinuxSpring1.
LinuxSpring1 wrote: Mon Sep 30, 2024 12:41 am So if the service cups-browsed is disabled or the package is uninstalled then will not the printing and scanning be impacted? Because the RedHat article refers to the case where printing is not needed. Many of us are using Desktops and there printing and scanning is required.
The answer to this question is: well, it depends.

In case your network MFP printer has been added to your system through cups-browsed only, then switching off cups-browsed will indeed make the device disappear from the system again. So, the answer in this case would be: yes.

In case, however, your network MFP device has been set up manually e.g. through HPLIP like my HP Color Laserjet Pro MFP M277dw, then during this setup the MFP's IP address has been added to the relevant configuration files. As a consequence the system will not depend on cups-browsed in order to connect to the MFP. Printing and scanning will work without cups-browsed.

Note:
HPLIP is only used for HP printers and scanners. For printers of other producers you will have to install their appropriate driver software instead.

Hope my explanation was not too confusing.

Karl
@LinuxSpring1
I didn't bother to reply to your question, because I think karlchen did a good job. The only thing I might add is that Red Hat is likely referring to "driverless" printing (IPP). So yes, if you use "driverless" printing, then keep the cups-browsed package installed. I have never used IPP myself. One reason is that I have seen complaints on Linux Mint forum (Mint is set up to use IPP by default even if you connect through USB) that IPP doesn't provide all the printer settings since many settings are in the driver. So some people end up with a subset of printer settings when switching to IPP.

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Sun Oct 06, 2024 6:22 am
by mxethernut
https://www.youtube.com/watch?v=bLr5M1ijbbQ

The BIGGEST Linux CVE Ever Is A Printer Bug
Brodie Robertson
87.3K subscribers

12K views 2 days ago

Moderator: all bold removed, please don't bold text an entire post.

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Sun Oct 06, 2024 9:05 am
by AK-47
I think it is rather rude to be dropping links without any context, description, rhyme or reason, as if the forum is one's personal link farm. I suggest, can you please describe its contents or explain what the link is about, in the same post, so that people don't have to waste their time and bandwidth clicking on stuff they have probably seen before.

Re: Linux Vulnerability Announced, Details Kept Secret

Posted: Sun Oct 06, 2024 12:23 pm
by Jerry3904
+1