[Centos] new version of zlib to CenOS 3.3 ?

Wed Feb 23 16:28:40 UTC 2005
smj at littleprojects.org <smj at littleprojects.org>

On Wed, Feb 23, 2005 at 01:20:19PM +0100, Ulrik S. Kofod wrote:
> Should I then install from http://www.zlib.net or is there a way to make yum get it
> from CentOS 3.4?
> 
> I would prefre to install as much as possible via yum.
> 
> Matt Bottrell sagde:
> > what version ships with CentOS 3.4?
> >
> >
> > On Wed, 23 Feb 2005 11:35:10 +0100 (CET), Ulrik S. Kofod
> > <usk at cybersite.dk> wrote:
> >> I wanted to upgrade my ClamAV but ./configure gave this error
> >> checking for zlib installation... /usr
> >> configure: error: The installed zlib version may contain a security bug. Please
> >> upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this check with
> >> --disable-zlib-vcheck but DO NOT REPORT any stablility issues then!
<SNIP>

RH has a backporting policy that puts security patches into previous
versions.  The reason they do this is to minimize bugs that creep into
the features added in later versions.

They will very rarely upgrade a software package within a version of
RHEL.

In short, zlib is probably patched.  The version you have is most likely secure.  
You need to check the vulnerability in question against the RHEL eratta to make sure,
but if this is the zlib flaw that got many Linux servers a year or so
ago, then it's been patched in the source for RHEL, and hence CentOS.

Not only that, it probably does not have any bugs introduced by later
versions.

Hope this helps,

Shawn M. Jones