This post originated from an RSS feed registered with Java Buzz by News Manager. Original Post: Severe flaws in widely used archive library put many projects at risk Feed Title: JavaWorld Feed URL: http://www.javaworld.com/index.rss Feed Description: JavaWorld.com: Fueling Innovation Latest Java Buzz Posts Latest Java Buzz Posts by News Manager Latest Posts From JavaWorld

In a world where any new software project is built in large part on existing third-party code, finding and patching vulnerabilities in popular open-source libraries is vital to creating reliable and secure applications.

For example, three severe flaws in libarchive, recently found by researchers from Cisco Systems' Talos group, could affect a large number of software products.

Libarchive is an open-source library first created for FreeBSD, but since ported to all major operating systems. It provides real-time access to files compressed with a variety of algorithms, including tar, pax, cpio, ISO9660, zip, lha/lzh, rar, cab and 7-Zip.

The library is used by file and package managers included in many Linux and BSD systems, as well as by components and tools in OS X and Chrome OS. Developers can also include the library's code in their own projects, so it's hard to know how many other applications or firmware packages contain it.

To read this article in full or to leave a comment, please click here