dcsimg
December 7, 2019
Hot Topics:

Libarchive Flaw Puts Other Software at Risk

  • June 22, 2016
  • By Developer.com Staff

Researchers from Cisco Systems' Talos group have found three severe security flaws—an integer overflow, a buffer overflow and a heap overflow—in an open source library called libarchive. Many popular open source projects rely on the library, which provides real-time access to compressed files. It's used by many Linux and BSD file managers, as well as by OS X and Chrome OS components. No one knows how many other pieces of software may rely on libarchive, making them vulnerable to attacks.

"When vulnerabilities are discovered in a piece of software such as libarchive, many third-party programs that rely on and bundle libarchive are affected," the Talos researchers blogged. "These are what are known as common mode failures, which enable attackers to use a single attack to compromise many different programs/systems. Users are encouraged to patch all relevant programs as quickly as possible."

View article







Enterprise Development Update

Don't miss an article. Subscribe to our newsletter below.


Thanks for your registration, follow us on our social networks to keep up-to-date