The libarchive programming library was recently patched against three critical memory-related vulnerabilities that could be abused to execute code on computers running the vulnerable software.
As is the case with most open-source software packages, patching the core library is only half the battle; admins must now ensure that third-party software running the library is also fixed, and that’s not an easy task.
“When vulnerabilities are discovered in a piece of software such as libarchive, many third-party programs that rely on, and bundle libarchive are affected,” said Cisco Talos researcher Marcin Noga in a report published Tuesday. “These are what are known as common mode failures, which enable attackers to use a single attack to compromise many different programs/systems. Users are encouraged to patch all relevant programs as quickly as possible.”