Oddbean new post about login | logout Ubuntu 24 LTS this morning. https://image.nostr.build/4552cb45638439c2e30016fa31fe047e7ab5d1e3750926e3142f7060e5c98020.jpg
Did they ever outline what the actual RCE exploit was? Or are they waiting for enough updates to paper it over?
TLDR, CUPS + bonjour was auto adding any printer advertised to it over mdns and not validating data coming from the printer. Spoof a printer advertisement and send malicious code. Tada, remote code execution as root.
Linux was adding something automactically without User input? I understand discovery, but non-validated or approved data? Sheeeeesh.
