> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Ted > Mittelstaedt > Sent: Sunday, January 30, 2005 4:39 PM > To: Lowell Gilbert; Timothy Luoma > Cc: FreeBSD-Questions Questions > Subject: RE: 1st security warning: "installed zlib version may > containasecurity bug" > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] Behalf Of > Lowell Gilbert > > Sent: Sunday, January 30, 2005 7:38 AM > > To: Timothy Luoma > > Cc: FreeBSD-Questions Questions > > Subject: Re: 1st security warning: "installed zlib version > may contain > > asecurity bug" > > > > > > Timothy Luoma <[EMAIL PROTECTED]> writes: > > > > > I was trying to configure && make 'clamav-0.81' when it complained > > > about this: > > > > > > configure: error: The installed zlib version may contain a security > > > bug. Please upgrade to 1.2.2 or later: http://www.zlib.net. You can > > > omit this check with --disable-zlib-vcheck but DO NOT REPORT any > > > stablility issues then! > > > > > > I went to zlib.net, downloaded 1.2.2, did './configure && > > make install > > > clean' > > > > > > Is that all I need to do? This is my first "security warning" so I > > > want to make sure I'm not missing something obvious. > > > > It sounds like you're missing the ports collection, to begin > with. It > > will handle dependencies for you, a big help in upgrades. > > Lowell, > > Considering that /ports/security/clamav was only updated to > clamav 0.81 6 hours ago it is quite expected that the OP would > have tried building this himself. > > And you > > should try to use the FreeBSD base system upgrades and security > > advisories for keeping up on security issues, rather than trying to > > install bits and pieces yourself (unlike, say, Linux, FreeBSD is a > > whole operating system). > > > > zlib is part of the base OS it should be at version 1.2.2 in FreeBSD > 4.11R, > since version 1.2.2 was released in October 2004. >
Oops, belay this - the version of zlib in FreeBSD is much older and is not vulnerable. clamav is the problem - the check they are making is assuming that any zlib implementation that is not 1.2.2 is vulnerable. The hack that I gave will work to get clamav built on your system - but there is no need to update the zlib libraries. Ted _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
