• deadcade@lemmy.deadca.de
    link
    fedilink
    arrow-up
    9
    arrow-down
    2
    ·
    2 months ago

    As far as I’m aware, the exploit requires someone to try printing using a malicious networked printer. It is a vulnerability, yes, but it affects essentially nobody. Who tries manually printing something on a server exposed to the internet?

    Although for local network access, like in a corporation using Linux on desktops, the vulnerability is an actual risk.

      • deadcade@lemmy.deadca.de
        link
        fedilink
        arrow-up
        4
        ·
        2 months ago

        Even there, if the stars align (network access, cups being used), you still need to convince the user of the device to switch printer.

      • CodeGameEat@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        2 months ago

        Ive worked with thermal printers used in POS, and usually they use a different protocol than notmal printing so you’re not using cups (basically you send “commands” with text and its position). But i am sure there are some exceptions…

    • koper@feddit.nl
      link
      fedilink
      arrow-up
      1
      ·
      2 months ago

      Even if you computer is not exposed to the internet: are you certain that every other device on the network is safe (even on public wifi)? Would you immediately raise the alarm if you saw a second printer in the list with the same name, or something like “Print to file”? I think I personally could fall for that under the right circumstances.

      • deadcade@lemmy.deadca.de
        link
        fedilink
        arrow-up
        1
        ·
        2 months ago

        That was a possibility with this exploit, but realistically that doesn’t affect nearly as many people as “All GNU/Linux systems”.