On Wed, Feb 23, 2005 at 01:20:19PM +0100, Ulrik S. Kofod wrote: > Should I then install from http://www.zlib.net or is there a way to make yum get it > from CentOS 3.4? > > I would prefre to install as much as possible via yum. > > Matt Bottrell sagde: > > what version ships with CentOS 3.4? > > > > > > On Wed, 23 Feb 2005 11:35:10 +0100 (CET), Ulrik S. Kofod > > <usk at cybersite.dk> wrote: > >> I wanted to upgrade my ClamAV but ./configure gave this error > >> checking for zlib installation... /usr > >> configure: error: The installed zlib version may contain a security bug. Please > >> upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this check with > >> --disable-zlib-vcheck but DO NOT REPORT any stablility issues then! <SNIP> RH has a backporting policy that puts security patches into previous versions. The reason they do this is to minimize bugs that creep into the features added in later versions. They will very rarely upgrade a software package within a version of RHEL. In short, zlib is probably patched. The version you have is most likely secure. You need to check the vulnerability in question against the RHEL eratta to make sure, but if this is the zlib flaw that got many Linux servers a year or so ago, then it's been patched in the source for RHEL, and hence CentOS. Not only that, it probably does not have any bugs introduced by later versions. Hope this helps, Shawn M. Jones