Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 9 Sep 2005 08:13:06 +0800
From:      Yuan Jue <yuanjue122@gmail.com>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: question about zlib security patch
Message-ID:  <200509090813.06887.yuanjue122@gmail.com>
In-Reply-To: <20050908173948.GE49084@xor.obsecurity.org>
References:  <4320494D.6030503@antenna.nl> <200509082309.43229.yuanjue122@gmail.com> <20050908173948.GE49084@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Friday 09 September 2005 01:39, Kris Kennaway wrote:
> > > >>I was installing clamav 0.83 on a freebsd 5.4 system and I got the
> > > >>following error:
> > > >>clamav configure: error: The installed zlib version may contain a
> > > >>security bug
> > > >>
> > > >>I want to upgrade zlib to solve this but:
> > > >>- I don't know how I can see what version of zlib I have at the
> > > >> moment?
> > > >
> > > >use pkg_info|grep zlib
> > > >
> > > >>- I found the following advice on the freebsd site:
> > > >>
> > > >>ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:18.zl
> > > >>ib.a sc
> > > >>
> > > >>according to this I have to do the following:
> > > >>
> > > >># cd /usr/src
> > > >># patch < /path/to/patch
> > > >># cd /usr/src/lib/libz/
> > > >># make obj && make depend && make && make install
> > > >>
> > > >>but I have no /usr/src/lib/libz/
> > > >
> > > >maybe you didn't install source code when you installed your FreeBSD.
> > > > You still can do it using sysinstall now.
> > >
> > > You are right I didn't install the sourcecode, the instructions make a
> > > lot more sense now :)
> > > one other small question,  pkg_info | grep zlib
> > > gave me the following output;
> > >
> > > jzlib-1.0.5_1       A re-implementation of zlib in pure Java
> > > php4-zlib-4.3.10_2  The zlib shared extension for php
> > >
> > >
> > > so no zlib? Why is that ? because I didn't install it with pkg_add?
> >
> > sorry, I never try clamav, so I am not sure the exact reason for that
> > error. Maybe when you install the source code, there is no error anymore
> > :)
>
> The advice was bogus, zlib is not a package on FreeBSD.
>
> > Or, you may need to install this port find_zlib-1.9, which can be found
> > in /usr/ports/security/.
>
> That does something else again..please try not to give bad advice :-)
I apologize for that. Thanks for your reminding.

-- 
Best Regards.

Yuan Jue

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200509090813.06887.yuanjue122>