question about zlib security patch
Kris Kennaway
kris at obsecurity.org
Thu Sep 8 10:39:59 PDT 2005
On Thu, Sep 08, 2005 at 11:09:43PM +0800, Yuan Jue wrote:
> On Thursday 08 September 2005 22:43, Chantal Rosmuller wrote:
>
> > >>I was installing clamav 0.83 on a freebsd 5.4 system and I got the
> > >>following error:
> > >>clamav configure: error: The installed zlib version may contain a
> > >>security bug
> > >>
> > >>I want to upgrade zlib to solve this but:
> > >>- I don't know how I can see what version of zlib I have at the moment?
> > >
> > >use pkg_info|grep zlib
> > >
> > >>- I found the following advice on the freebsd site:
> > >>
> > >>ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:18.zlib.a
> > >>sc
> > >>
> > >>according to this I have to do the following:
> > >>
> > >># cd /usr/src
> > >># patch < /path/to/patch
> > >># cd /usr/src/lib/libz/
> > >># make obj && make depend && make && make install
> > >>
> > >>but I have no /usr/src/lib/libz/
> > >
> > >maybe you didn't install source code when you installed your FreeBSD. You
> > >still can do it using sysinstall now.
>
>
> > You are right I didn't install the sourcecode, the instructions make a
> > lot more sense now :)
> > one other small question, pkg_info | grep zlib
> > gave me the following output;
> >
> > jzlib-1.0.5_1 A re-implementation of zlib in pure Java
> > php4-zlib-4.3.10_2 The zlib shared extension for php
> >
> >
> > so no zlib? Why is that ? because I didn't install it with pkg_add?
> sorry, I never try clamav, so I am not sure the exact reason for that error.
> Maybe when you install the source code, there is no error anymore :)
The advice was bogus, zlib is not a package on FreeBSD.
> Or, you may need to install this port find_zlib-1.9, which can be found
> in /usr/ports/security/.
That does something else again..please try not to give bad advice :-)
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20050908/d256e30f/attachment.bin
More information about the freebsd-questions
mailing list