I am slightly confused. If I am using a linux laptop with cups do I need to do anything besides update? Is there a sane way to print from the linux desktop. I unfortunately need to regularly print, and often from public wifi.
Unless you are exposing CUPS to other people on purpose so that you act as a print server then block inbound access using a local firewall. Your local print jobs should be able to use the loopback just fine. Your print spooler would then be talking to the IP on your printer and that should also be confined to your local network and may have optional features to further secure access.
On a very loosely related note, some enterprise printers have optional features to lock down remote access to people that are authenticated. Authentication capabilities vary by vendor. This is somewhat unrelated to CUPS but probably a good time for people to research what their printers can do as printers are a great way to steal company secrets.
[Edit] What smokel said. They beat me to it before I refreshed the page.
This is a misunderstanding of the vulnerability. The problem isn't with the print server. It is with the printer discovery mechanism, cups-browsed. That is the service that listens on the entire network, because it's designed so that LAN printers can advertise themselves to your system.
In that case one can disable it until it is patched assuming there isn't a udev rule that re-enables it. I stay clear of systemd these days so I don't know.
Unless you need printer discovery, you should probably shut down and remove cups-browsed entirely. Its whole purpose is to listen on the LAN to discover printers (or attackers) that advertise themselves to it.
Not an expert, but I guess that simply enabling the firewall should avoid most problems related to this vulnerability. In Ubuntu, this can be accomplished with:
