*** This bug is a security vulnerability *** Public security bug reported:
Hi, The utility uniq allows all types of files as input. Allowing block devices or character devices as input can lead to unwanted behavior such as the utility executes indefinitely when device '/dev/urandom' is passed as an input. Please refer this for more information regarding this issue (https://github.com/pkmoore/rrapper/blob/master/anomalies/weird_filetypes.md). I've included a patch which checks and handles character devices and block devices when passed as input. Please get back to me for more information. Regards, Anoop Nadig ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: coreutils 8.28-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-42.45-generic 4.15.18 Uname: Linux 4.15.0-42-generic i686 ApportVersion: 2.20.9-0ubuntu7.5 Architecture: i386 CurrentDesktop: XFCE Date: Tue Dec 11 20:23:32 2018 ExecutablePath: /usr/bin/uniq InstallationDate: Installed on 2018-11-07 (35 days ago) InstallationMedia: Xubuntu 18.04 LTS "Bionic Beaver" - Release i386 (20180426) SourcePackage: coreutils UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: coreutils (Ubuntu) Importance: Undecided Status: New ** Tags: apport-bug bionic i386 ** Patch added: "Patch for detecting and handling character and block device as input" https://bugs.launchpad.net/bugs/1808095/+attachment/5221550/+files/uniq.patch ** Patch removed: "Patch for detecting and handling character and block device as input" https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/1808095/+attachment/5221550/+files/uniq.patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to coreutils in Ubuntu. https://bugs.launchpad.net/bugs/1808095 Title: uniq is not checking and handling all file types Status in coreutils package in Ubuntu: New Bug description: Hi, The utility uniq allows all types of files as input. Allowing block devices or character devices as input can lead to unwanted behavior such as the utility executes indefinitely when device '/dev/urandom' is passed as an input. Please refer this for more information regarding this issue (https://github.com/pkmoore/rrapper/blob/master/anomalies/weird_filetypes.md). I've included a patch which checks and handles character devices and block devices when passed as input. Please get back to me for more information. Regards, Anoop Nadig ProblemType: Bug DistroRelease: Ubuntu 18.04 Package: coreutils 8.28-1ubuntu1 ProcVersionSignature: Ubuntu 4.15.0-42.45-generic 4.15.18 Uname: Linux 4.15.0-42-generic i686 ApportVersion: 2.20.9-0ubuntu7.5 Architecture: i386 CurrentDesktop: XFCE Date: Tue Dec 11 20:23:32 2018 ExecutablePath: /usr/bin/uniq InstallationDate: Installed on 2018-11-07 (35 days ago) InstallationMedia: Xubuntu 18.04 LTS "Bionic Beaver" - Release i386 (20180426) SourcePackage: coreutils UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/coreutils/+bug/1808095/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
