Replicated's response to the Common UNIX Printing System (CUPS) Vulnerabilities
Blog post from Replicated
On September 23, a researcher disclosed a critical unauthenticated remote code execution vulnerability, scored CVSSv3 9.9 and described as affecting "all GNU/Linux systems." The issue is in the Common UNIX Printing System (CUPS), and the identified vulnerabilities are tracked as CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, and CVE-2024-47177. Replicated assessed its systems and deemed the risk low: its products do not start the CUPS service by default and are built on "distroless" images that support daily automated rebuilds. However, Kurl, which uses Alpine Linux, may need patching once updates are available. Replicated recommends that users keep their systems updated, minimize unnecessary packages, and ensure firewall protections are in place, and it plans to release new product versions once patches are available.