Rob Isaac
if you work with linux in production roles, you probably want to cancel any fun things you had planned for September 30th and make sure your snack cupboard is well-stocked
Sep 26, 2024 at 12:24amWeb
Show threadSindarina, Edge Case DetectiveSep 26, 2024
@rmi Oh, you tease! 😛
Show threadArt Na Crea 🇮🇪 Sep 26, 2024
@rmi I'll bite - do tell!
Show threadArt Na Crea 🇮🇪 Sep 26, 2024
@rmi Ah, found it. Mmm.
Show threadAurynn ShawSep 26, 2024
@rmi oh no now what
Show threadPotato Enthusiast 🇵🇸Sep 26, 2024
@rmi fucks. What's up? I'm sick and so is my team so please tell me in small words.
Show threadRob IsaacSep 26, 2024
@Br3nda @aurynn Initial disclosure of a high-CVE RCE vulnerability.
Show threadGrumpSec SpottycatSep 26, 2024
@rmi @Br3nda @aurynn Is that the evilsocket one? if so it's possible it's CUPS related, so probably NOT that big a deal if you don't have it exposed/it isn't a print server.
Show threadmirabilos🐈‍⬛Sep 26, 2024
@kyhwana @rmi @Br3nda @aurynn heh cups was one of my guesses, the other two being systemd and systemd… looked at that a bit yesterday or so
Show threadPotato Enthusiast 🇵🇸Sep 26, 2024
@mirabilos @kyhwana @rmi @aurynn is there more info yet?
Show threadRob IsaacSep 26, 2024
@mirabilos @kyhwana @Br3nda @aurynn we are extremely overdue for the seismic systemd event that will destroy the world
Show threadPotato Enthusiast 🇵🇸Sep 26, 2024
@rmi @mirabilos @kyhwana @aurynn
An amazon Linux version of this would be rather dramatic
Show threadRob IsaacSep 26, 2024
@Br3nda @mirabilos @kyhwana @aurynn I’ve been looking for an excuse to end this life of crime and start a dog sanctuary
Show threadDr. Curiosity 💻🔬Sep 26, 2024
@rmi @mirabilos @kyhwana @Br3nda @aurynn
And here I thought an Alpine fault was going to take us out first.
(containerised or not)
Show threadRob IsaacSep 26, 2024
@DrCuriosity @mirabilos @kyhwana @Br3nda @aurynn grownup standard library raises the bar a bit
Show threadAndrewSep 26, 2024
@Br3nda @rmi Is it this one? https://threadreaderapp.com/thread/1838169889330135132.html
Thread by @evilsocket on Thread Reader App

@evilsocket: * Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago. * Full disclosure happening in less than 2 weeks (as agreed with devs). * Still no CVE assigned (there should be at...…

Show threadCySep 26, 2024
What? Why?
Show threadEwen McNeillSep 26, 2024

@rmi do we know if that’s the first “30 September” (ie in Aotearoa) or the second “30 September” (ie in the USA)?

I’ve been assuming it would be the second one, ie 1 October here. (I’ve also been assuming it’s being overhyped, but might require prompt patching anyway.)

Show threadRob IsaacSep 26, 2024
@ewenmcneill Pretty sure it’s 1 October in civilised countries, modulo the slight overlap.
Show threadEwen McNeillSep 26, 2024

@rmi turns out they *really* meant 2024-09-27.

It seems that hyping up that you have a secret for days doesn’t reduce the chances of people guessing the secret 🤯 (Especially when you confirm the guess by publicly linking to the commit!?!)

Anyway if you happen to have CUPS installed you might want to look out for vendor patches and install them at some point.

https://github.com/OpenPrinting/cups-browsed/issues/36
https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/index.html

Review locking/multi-threading implementation · Issue #36 · OpenPrinting/cups-browsed

According to @evilsocket, cups-browsed can be held up for an extended period of time: The lock acquired here doesn't get unlocked until the IPP server has responded. A malicious IPP server can keep...

GitHub
Show threadIncident Creator ❎Sep 26, 2024
@rmi Wouldn't it be fun if it affects Android phones?
Show threadDave Lane  🇳🇿Sep 26, 2024
@vik @rmi sure would be a hoot.
Show threadIncident Creator ❎Sep 26, 2024
@lightweight @rmi For Apple device owners anyway.
Show threadDave Lane  🇳🇿Sep 26, 2024
@vik @rmi I have little doubt their time will come. Plus they have the constant ignominy of being ripped off for every aspect of their digital existence, and comprehensively locked in - esp. everything related to the AppStore.
Show threadTheaSep 26, 2024
@rmi I’ll get extra popcorn
Show threadBeeSep 26, 2024
@rmi …what is happening on sep 30?
Show threadSindarina, Edge Case DetectiveSep 27, 2024
@rmi If it is indeed CUPS, it seems it arrived early; there's RCE warnings all over my feeds this morning.