The Cisco Talos blog reported newly discovered vulnerabilities in the widely used libarchive open-source programming library. Cisco Talos reports that it has worked with the library's maintainers to patch what it calls three rather severe bugs, and encourages users to patch or upgrade the vulnerable software that depends on it. Christopher Fearon, research director at Black Duck Software, which helps organisations to identify, secure and manage open source software in the enterprise, commented below.
Christopher Fearon, Research Director at Black Duck Software:
“This is another example of a widely used component that is also consumed by other open source packages,” said Christopher Fearon, research director at Black Duck Software, which helps organisations to secure and manage open source software. “Not only is libarchive bundled with specific tools and products offering archiving functionality, but it’s also included in various package managers and numerous Linux distributions – in essence, libarchive is everywhere.”
According to the Black Duck Open Hub (an online community and public directory of open source software), libarchive has had 4,718 commits made by 103 contributors since the first community commit in 2008. Over 25 per cent of the lifetime committers have contributed to the project in just the past 12 months.
“In this case, it’s not enough to know that you’re using a specific Linux distribution, you need to also have visibility into that package’s subcomponents. Ensuring a robust vulnerability management solution in conjunction with an open source management platform is key to identifying and understanding the business impact and risks associated with libarchive usage. While we may always be a step behind malicious actors, the adoption of automated vulnerability detection tools and open source software management solutions will assist in long term risk mitigation.”