Libarchive is an open source library for archive compression and decompression. Many Linux software and distributions use it. More importantly, many Linux-based appliances may also use it. Today’s video covers three vulnerabilities in this popular library, and what you should do about them.
(Episode Runtime: 1:45
Direct YouTube Link: https://www.youtube.com/watch?v=cxWk6LVo_8E
EPISODE REFERENCES:
- Talos discloses vulnerabilities in libarchive – Talos Intel
— Corey Nachreiner, CISSP (@SecAdept)
Stuart says
Hi Corey,
Are WatchGuard appliances impacted and if so is an update on its way?
Thanks,
Stuart
Corey Nachreiner says
Stuart, I mention at the end of the video that, yes, WatchGuard Fireboxes use a vulnerable version of libarchive. Our engineers have already patched internally, and the fix will be in one of the next releases. We are just looking at QA impact to see which of the next few releases that will be.