Slashdot Mirror


Severe Flaws Found In Libarchive Open Source Library (talosintel.com)

Reader itwbennett writes: Researchers from Cisco Systems' Talos group have found three memory corruption errors in the widely used open-source library libarchive that can result in arbitrary code execution and can be exploited by passing specially crafted files to applications that contain the vulnerable code. "The library is used by file and package managers included in many Linux and BSD systems, as well as by components and tools in OS X and Chrome OS," writes Lucian Constantin. "Developers can also include the library's code in their own projects, so it's hard to know how many other applications or firmware packages contain it." (Original blog post) So, while the libarchive maintainers have released patches for the flaws, it will likely take a long time for them to trickle down through all the affected projects.

3 of 82 comments

  1. Goddammit, people! We need to use Rust NOW! by Anonymous Coward · Score: 1, Funny

    For crying out loud! How long must this continue? We need to start using the Rust programming language and we need to start using it now! If you don't know what Rust is, let me inform you. The Rust web site describes it as "a systems programming language that runs blazingly fast, prevents segfaults, and guarantees thread safety." It has "guaranteed memory safety" and it has "threads without data races" and you get all of this with "zero-cost abstractions"! Rust doesn't just make programming safe. Thanks to its code of conduct the Rust community is a safe space free of intolerance and prejudice, too.

    Essentially, Rust is what C and C++ should have been all along. This submission shows that we badly need what Rust offers. We need the safety of Rust, and we need it now! I don't think we really have any choice. We need to start using Rust for everything! It's the only way we can be sure that the software we're writing is safe and secure.

  2. Fuck all this by Anonymous Coward · Score: 2, Funny

    I'm going back to DOS 2.11 on my bone stock original IBM XT.
    HACK THAT! HA!

  3. Re:Would a Mozilla Rust-only OS have prevented thi by Guy Harris · Score: 3, Funny

    It is Rust top to bottom.

    It probably wouldn't be very good on mobile machines because, as we know, Rust never sleeps.