I wanted to upgrade my ClamAV but ./configure gave this error checking for zlib installation... /usr configure: error: The installed zlib version may contain a security bug. Please upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this check with --disable-zlib-vcheck but DO NOT REPORT any stablility issues then!
but yum gave this message # yum install zlib Gathering header information file(s) from server(s) Server: CentOS-3.3 - Addons Server: CentOS-3.3 - Base Server: CentOS-3.3 - Extras Server: CentOS-3.3 - Updates Finding updated packages Downloading needed headers zlib is installed and is the latest version. No actions to take
is it safe to install ClamAV with the --disable-zlib-vcheck option ?
what version ships with CentOS 3.4?
On Wed, 23 Feb 2005 11:35:10 +0100 (CET), Ulrik S. Kofod usk@cybersite.dk wrote:
I wanted to upgrade my ClamAV but ./configure gave this error checking for zlib installation... /usr configure: error: The installed zlib version may contain a security bug. Please upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this check with --disable-zlib-vcheck but DO NOT REPORT any stablility issues then!
but yum gave this message # yum install zlib Gathering header information file(s) from server(s) Server: CentOS-3.3 - Addons Server: CentOS-3.3 - Base Server: CentOS-3.3 - Extras Server: CentOS-3.3 - Updates Finding updated packages Downloading needed headers zlib is installed and is the latest version. No actions to take
is it safe to install ClamAV with the --disable-zlib-vcheck option ?
-- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean.
CentOS mailing list CentOS@caosity.org http://lists.caosity.org/mailman/listinfo/centos
Should I then install from http://www.zlib.net or is there a way to make yum get it from CentOS 3.4?
I would prefre to install as much as possible via yum.
Matt Bottrell sagde:
what version ships with CentOS 3.4?
On Wed, 23 Feb 2005 11:35:10 +0100 (CET), Ulrik S. Kofod usk@cybersite.dk wrote:
I wanted to upgrade my ClamAV but ./configure gave this error checking for zlib installation... /usr configure: error: The installed zlib version may contain a security bug. Please upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this check with --disable-zlib-vcheck but DO NOT REPORT any stablility issues then!
but yum gave this message # yum install zlib Gathering header information file(s) from server(s) Server: CentOS-3.3 - Addons Server: CentOS-3.3 - Base Server: CentOS-3.3 - Extras Server: CentOS-3.3 - Updates Finding updated packages Downloading needed headers zlib is installed and is the latest version. No actions to take
is it safe to install ClamAV with the --disable-zlib-vcheck option ?
-- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean.
CentOS mailing list CentOS@caosity.org http://lists.caosity.org/mailman/listinfo/centos
CentOS mailing list CentOS@caosity.org http://lists.caosity.org/mailman/listinfo/centos
-- This message has been scanned for viruses and dangerous content by OpenProtect(http://www.openprotect.com), and is believed to be clean.
On Wed, Feb 23, 2005 at 01:20:19PM +0100, Ulrik S. Kofod wrote:
Should I then install from http://www.zlib.net or is there a way to make yum get it from CentOS 3.4?
I would prefre to install as much as possible via yum.
Matt Bottrell sagde:
what version ships with CentOS 3.4?
On Wed, 23 Feb 2005 11:35:10 +0100 (CET), Ulrik S. Kofod usk@cybersite.dk wrote:
I wanted to upgrade my ClamAV but ./configure gave this error checking for zlib installation... /usr configure: error: The installed zlib version may contain a security bug. Please upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this check with --disable-zlib-vcheck but DO NOT REPORT any stablility issues then!
<SNIP>
RH has a backporting policy that puts security patches into previous versions. The reason they do this is to minimize bugs that creep into the features added in later versions.
They will very rarely upgrade a software package within a version of RHEL.
In short, zlib is probably patched. The version you have is most likely secure. You need to check the vulnerability in question against the RHEL eratta to make sure, but if this is the zlib flaw that got many Linux servers a year or so ago, then it's been patched in the source for RHEL, and hence CentOS.
Not only that, it probably does not have any bugs introduced by later versions.
Hope this helps,
Shawn M. Jones
About Clamav You can use .rpm from DAG http://dag.wieers.com/packages/clamav/
ZLib yum install zlib
Nope?
Tiago
----- Original Message ----- From: smj@littleprojects.org To: "CentOS discussion and information list" centos@caosity.org Sent: Wednesday, February 23, 2005 1:28 PM Subject: Re: [Centos] new version of zlib to CenOS 3.3 ?
On Wed, Feb 23, 2005 at 01:20:19PM +0100, Ulrik S. Kofod wrote:
Should I then install from http://www.zlib.net or is there a way to make yum get it from CentOS 3.4?
I would prefre to install as much as possible via yum.
Matt Bottrell sagde:
what version ships with CentOS 3.4?
On Wed, 23 Feb 2005 11:35:10 +0100 (CET), Ulrik S. Kofod usk@cybersite.dk wrote:
I wanted to upgrade my ClamAV but ./configure gave this error checking for zlib installation... /usr configure: error: The installed zlib version may contain a security bug. Please upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this check with --disable-zlib-vcheck but DO NOT REPORT any stablility issues then!
<SNIP>
RH has a backporting policy that puts security patches into previous versions. The reason they do this is to minimize bugs that creep into the features added in later versions.
They will very rarely upgrade a software package within a version of RHEL.
In short, zlib is probably patched. The version you have is most likely secure. You need to check the vulnerability in question against the RHEL eratta to make sure, but if this is the zlib flaw that got many Linux servers a year or so ago, then it's been patched in the source for RHEL, and hence CentOS.
Not only that, it probably does not have any bugs introduced by later versions.
Hope this helps,
Shawn M. Jones _______________________________________________ CentOS mailing list CentOS@caosity.org http://lists.caosity.org/mailman/listinfo/centos
-
Matt Bottrell -
smj@littleprojects.org -
Tiago Bahi - VOE INTERNET -
Ulrik S. Kofod