TLDR, CUPS + bonjour was auto adding any printer advertised to it over mdns and not validating data coming from the printer. Spoof a printer advertisement and send malicious code. Tada, remote code execution as root. 

 Linux was adding something automactically without User input? I understand discovery, but non-validated or approved data? Sheeeeesh.