This is of course not quite on-topic for this list, but I did hit the problem in relation with ClamAV, and my other searches have come up blank, so please bear with me:
On a pretty recent CentOS 5.2 installation with working daily automatic updates, ClamAV 0.94's ./configure complains thusly:

    checking how to link with libbz2... -lbz2
    checking for bzReadOpen in -lbz2... no
    checking bzlib.h usability... yes
    checking bzlib.h presence... yes
    checking for bzlib.h... yes
    checking for CVE-2008-1372... bugged
    configure: WARNING: ****** bzip2 libraries are affected by the CVE-2008-1372 bug
    configure: WARNING: ****** We strongly suggest you to update to bzip2 1.0.5.
    configure: WARNING: ****** Please do not report stability problems to the ClamAV developers!

Indeed, "yum list *bzip2*" tells me:

    Installed Packages
    bzip2.i386          1.0.3-3   installed
    bzip2-devel.i386    1.0.3-3   installed
    bzip2-libs.i386     1.0.3-3   installed

But even a manual "yum update" finds nothing to update. I cannot imagine Redhat/CentOS neglecting to provide a patch for that vulnerability, so I am probably doing something wrong. But what?

Thanks in advance for any hints.

--
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml