Libarchive Flaw Puts Other Software at Risk

Wednesday Jun 22nd 2016 by Developer.com Staff

Lots of other applications rely on the popular libarchive code.

Researchers from Cisco Systems' Talos group have found three severe security flaws—an integer overflow, a buffer overflow and a heap overflow—in an open source library called libarchive. Many popular open source projects rely on the library, which provides real-time access to compressed files. It's used by many Linux and BSD file managers, as well as by OS X and Chrome OS components. No one knows how many other pieces of software may rely on libarchive, making them vulnerable to attacks.

"When vulnerabilities are discovered in a piece of software such as libarchive, many third-party programs that rely on and bundle libarchive are affected," the Talos researchers blogged. "These are what are known as common mode failures, which enable attackers to use a single attack to compromise many different programs/systems. Users are encouraged to patch all relevant programs as quickly as possible."
