I'm just about to update ClamAV to v0.86 on a CentOS4 box having successfully done this on a 3.3 box but... configure: error: The installed zlib version may contain a security bug. Please upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this check with --disable-zlib-vcheck but DO NOT REPORT any stability issues then! Any expected probs with me doing this update from the site - I have tried with yum (including Dag's repository) and it finds no updates. Ta NK
Aleksandar Milivojevic
2005-Jun-22 12:00 UTC
[CentOS] CentOS4 ClamAV reports zlib needs updating
Nigel kendrick wrote:> I'm just about to update ClamAV to v0.86 on a CentOS4 box having > successfully done this on a 3.3 box but... > > configure: error: The installed zlib version may contain a security bug. > Please upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this > check with --disable-zlib-vcheck but DO NOT REPORT any stability issues > then! > > Any expected probs with me doing this update from the site - I have tried > with yum (including Dag's repository) and it finds no updates.Why don't you simply install clamav RPM packages from Dag's repository? As for zlib, I would check if the fix for that security bug was backported to the zlib RPM used on CentOS. You'd need to know exactly what bug the error message refers to ("security bug" is rather broad description), and compare it with what "rmp -q --changelog zlib" says (there's couple of security bugs fixed according to changelog, but it is hard to know if any of them is the one referenced by clamav).
On Wed, 2005-06-22 at 12:38 +0100, Nigel kendrick wrote:> I'm just about to update ClamAV to v0.86 on a CentOS4 box having > successfully done this on a 3.3 box but... > > configure: error: The installed zlib version may contain a security bug. > Please upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this > check with --disable-zlib-vcheck but DO NOT REPORT any stability issues > then! > > Any expected probs with me doing this update from the site - I have tried > with yum (including Dag's repository) and it finds no updates. > > Ta > > NK >That is a bugus warning (due to the RH backporting policy) http://www.redhat.com/advice/speaks_backport.html The clamav guys are falling into the trap that there is no backporting, even though the all the major enterprise distros use it. ... the fix has been addressed previously on this list when running ./configure ... use the below switch:> finish yet with clamav-0.84 it dies and i had to insert an > > --disable-zlib-vcheck > > to get it to finish the configure.-------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://lists.centos.org/pipermail/centos/attachments/20050622/8674e5cf/attachment-0003.sig>
Ignacio Vazquez-Abrams
2005-Jun-22 12:08 UTC
[CentOS] CentOS4 ClamAV reports zlib needs updating
On Wed, 2005-06-22 at 12:38 +0100, Nigel kendrick wrote:> configure: error: The installed zlib version may contain a security bug. > Please upgrade to 1.2.2 or later: http://www.zlib.net. You can omit this > check with --disable-zlib-vcheck but DO NOT REPORT any stability issues > then!http://www.google.ca/search?q=site%3Acentos.org+zlib+version+clamav http://lists.centos.org/pipermail/centos/2005-February/002575.html -- Ignacio Vazquez-Abrams <ivazquez at ivazquez.net> http://centos.ivazquez.net/ gpg --keyserver hkp://subkeys.pgp.net --recv-key 38028b72 -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part URL: <http://lists.centos.org/pipermail/centos/attachments/20050622/bc6b6ad6/attachment-0003.sig>