New Flash about cups-browsed RCE vulnerability: Minor corrections
tillkamppeter committed Oct 7, 2024
1 parent 93780c4 commit 81283fe
Showing 1 changed file with 2 additions and 2 deletions.
Expand Up @@ -9,7 +9,7 @@ excerpt: Exploit of a combination of several bugs - Overhyped but not that sever
**Update: Legacy CUPS browsing now removed in cups-browsed 2.x and 1.x, report about DoS vulnerability of legacy CUPS browsing in cups-browsed, blog/podcast/video coverage**

## What happened?
On September 5 we got a [GitHub security advisory (GHSA) on cups-browsed](https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8) about a remote code execution. It is possible to create an emulation of an IPP printer with forged metadata to make cups-browsed auto-generate a print queue and the PPD generator of libcups or libppd create a PPD with added lines so that the foomatic-rip filter gets used and the PPD defines a filter command line for foomatic-rip which is supplied by the attacker.
On September 5 we got a [GitHub security advisory (GHSA) on cups-browsed](https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8) about a remote code execution. It is possible to create an emulation of an IPP printer with forged metadata to make cups-browsed auto-generate a print queue and the PPD generator of libcups or libppd create a PPD with added lines so that the foomatic-rip filter gets used and the PPD defines a filter command line for foomatic-rip which is supplied by the attacker. So we have a **remote code execution (RCE)** vulnerability.

The reporter, Simone Margaritelli (aka evilsocket), started investigating when he discovered that cups-browsed accepts UDP packets on port 631 from any source to trigger a `get-printer-attributes` IPP request. He then found further bugs leading up to the remote code execution.

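Review bot: the appended sentence "So we have a **remote code execution (RCE)** vulnerability." restates what the paragraph already says at its start ("about a remote code execution"); if the bold term is meant to make the severity stand out, bolding and abbreviating it at that first mention avoids saying it twice. The sentence it follows is also a single run-on that chains the whole bug combination with "and"; splitting it after "auto-generate a print queue" and again after "foomatic-rip filter gets used" would make the chain of conditions easier to follow.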
Expand All @@ -23,7 +23,7 @@ At the time of disclosure there appeared [tons of posts on Mastodon](https://ubu

A good and detailed description of the vulnerability comes from Simone himself in his [blog](https://www.evilsocket.net/2024/09/26/Attacking-UNIX-systems-via-CUPS-Part-I/). **Thanks to Simone Margaritelli for the detailed investigation and also the detailed description about how the vulnerability works.** Investigators of this kind are really needed to keep free software on a high security level. This vulnerability could never have been found by automated methods like fuzzing or code analysis.

Some days later, **Peter van Dijk (aka Habbie, also thanks for your report)** has reported another vulnerability of the legacy CUPS browsing support as a [GHSA on cups-filters](https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-rq86-c7g6-r2h8). It was possible to send a well-formed CUPS broadcast packet to UDP port 631 of cups-browsed, but with a port 80 URL of a web site which redirects on the port and then cups-browsed falls into an infinite loop sending HTTP requests which can only be stopped by `kill -9`. This vulnerability got treated with detail in this [blog from Akamai](https://www.akamai.com/blog/security-research/october-cups-ddos-threat).
Some days later, **Peter van Dijk (aka Habbie, also thanks for your report)** has reported another vulnerability of the legacy CUPS browsing support as a [GHSA on cups-filters](https://github.com/OpenPrinting/cups-filters/security/advisories/GHSA-rq86-c7g6-r2h8). It was possible to send a well-formed CUPS broadcast packet to UDP port 631 of cups-browsed, but with a port 80 URL of a web site which redirects on the port and then cups-browsed falls into an infinite loop sending HTTP requests which can only be stopped by `kill -9`. This vulnerability got independently discovered and treated in detail by Akamai and posted in their [blog](https://www.akamai.com/blog/security-research/october-cups-ddos-threat).


## Overhyped
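Review bot: the new wording "got independently discovered and treated in detail by Akamai" adds an attribution claim the old line did not make, and nothing in this hunk supports it (the Akamai link is cited only as coverage of the DoS issue); if it is to stay, point to where Akamai states the independent discovery, or soften to "was also analysed in detail by Akamai". Grammar: "got independently discovered and treated" should read "was independently discovered and treated", and earlier in the same line "has reported" reads better as "reported" next to "Some days later".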
