Linux users warned to update libarchive to beat flaw

Every now and again, a security vulnerability is discovered in a program with little fanfare, despite the fact that it’s buried in plain sight inside software lots of people depend on.

A good example is , which has a flaw discovered by Google researchers in May using the ClusterFuzz and OSSFuzz automated ‘fuzzing’ tools and fixed by libarchive’s maintainers on 12 June in version 3.4.0.

Libarchive, for those not familiar with it, is a compression and archiving library originally developed for FreeBSD that has achieved widespread popularity because it functions like a do-everything compressed archive handler supporting file and compression formats including ZIP, gzip, tar, uuencode, 7z, Microsoft CAB, ISO9660 (CD images) and many more.

It’s also used by Debian, Ubuntu, Gentoo, Arch , and the Chromebook Chrome OS, as well as tools such as the Samba -Windows interoperability suite, all of which are now receiving the June patch.

It’s even part of Apple’s macOS and Microsoft’s Windows 10, although neither are thought to be affected by the vulnerability.

You might also like More from author

Leave A Reply

Your email address will not be published.