Hello, On Feb 12 19:09 Sascha Peilicke wrote (excerpt):
I don't know if it's better to add comment #110 or just replying here. Just because you have a daemon (cups) listen on 0.0.0.0 for UDP packets doesn't mean "The Internet" (citing comment #66) can attack you. I'd argue that 99% of openSUSE user's machines sit in a local NAT'ed network (behind an adsl router). That's as insecure as OpenSSH running is. And your SuSEFirewall still blocks the port by default. So with pristine settings, you are safe. Letting the service _not_ listen on any interface simply means it can't do it's job. Listening for CUPS printer broadcasts in that case.
Please add it to https://bugzilla.novell.com/show_bug.cgi?id=857372 because it is exactly about why this bug exist at all. It is a "Security" issue where our security team decides. The current "non-working-but-secure" state is what has been decided up to now in that bug. If you like to change that, you need to discuss it with our security team (i.e. set "NEEDINFO" to security-team@suse.de).
I'm happy to take the minimal burden of maintaining cups. In fact I already prepared the version update (we're ancient ATM).
This is great news! I appreciate it very much when you maintain CUPS. Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org