Date: Thu, 8 Sep 2005 13:39:48 -0400 From: Kris Kennaway <kris@obsecurity.org> To: Yuan Jue <yuanjue122@gmail.com> Cc: Chantal Rosmuller <chantal@antenna.nl>, freebsd-questions@freebsd.org Subject: Re: question about zlib security patch Message-ID: <20050908173948.GE49084@xor.obsecurity.org> In-Reply-To: <200509082309.43229.yuanjue122@gmail.com> References: <4320494D.6030503@antenna.nl> <200509082234.50571.yuanjue122@gmail.com> <43204E22.1010807@antenna.nl> <200509082309.43229.yuanjue122@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--JBi0ZxuS5uaEhkUZ Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Sep 08, 2005 at 11:09:43PM +0800, Yuan Jue wrote: > On Thursday 08 September 2005 22:43, Chantal Rosmuller wrote: >=20 > > >>I was installing clamav 0.83 on a freebsd 5.4 system and I got the > > >>following error: > > >>clamav configure: error: The installed zlib version may contain a > > >>security bug > > >> > > >>I want to upgrade zlib to solve this but: > > >>- I don't know how I can see what version of zlib I have at the momen= t? > > > > > >use pkg_info|grep zlib > > > > > >>- I found the following advice on the freebsd site: > > >> > > >>ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:18.zl= ib.a > > >>sc > > >> > > >>according to this I have to do the following: > > >> > > >># cd /usr/src > > >># patch < /path/to/patch > > >># cd /usr/src/lib/libz/ > > >># make obj && make depend && make && make install > > >> > > >>but I have no /usr/src/lib/libz/ > > > > > >maybe you didn't install source code when you installed your FreeBSD. = You > > >still can do it using sysinstall now. >=20 >=20 > > You are right I didn't install the sourcecode, the instructions make a > > lot more sense now :) > > one other small question, pkg_info | grep zlib > > gave me the following output; > > > > jzlib-1.0.5_1 A re-implementation of zlib in pure Java > > php4-zlib-4.3.10_2 The zlib shared extension for php > > > > > > so no zlib? Why is that ? because I didn't install it with pkg_add? > sorry, I never try clamav, so I am not sure the exact reason for that err= or.=20 > Maybe when you install the source code, there is no error anymore :) The advice was bogus, zlib is not a package on FreeBSD. > Or, you may need to install this port find_zlib-1.9, which can be found= =20 > in /usr/ports/security/. That does something else again..please try not to give bad advice :-) Kris --JBi0ZxuS5uaEhkUZ Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQFDIHdkWry0BWjoQKURAk9kAJ43gPA36avnKc7RoWL+yP/OmZwXVACfZ300 pwjH8wWdWkXVU4C9fpJg1AI= =pOtV -----END PGP SIGNATURE----- --JBi0ZxuS5uaEhkUZ--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050908173948.GE49084>