Re: question about zlib security patch
Dan Nelson wrote: In the last episode (Sep 09), Chantal Rosmuller said: Thanks everyone for the advice, I installed the sources and applied the patch, so I guess I took care of the zlib security issue The clamav error remained though but someone at the qmail rocks mailinglist suggested that clamav cannot see that zlib is patched so it is safe to ignore the error. To be on the safe side I will post the question about the error on the clamav mailing list. Yes, clamav only checks the version number in the header; it doesn't actually test the bug. Thanks, good to know Chantal ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: question about zlib security patch
Thanks everyone for the advice, I installed the sources and applied the patch, so I guess I took care of the zlib security issue The clamav error remained though but someone at the qmail rocks mailinglist suggested that clamav cannot see that zlib is patched so it is safe to ignore the error. To be on the safe side I will post the question about the error on the clamav mailing list. regards Chantal ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: question about zlib security patch
In the last episode (Sep 09), Chantal Rosmuller said: Thanks everyone for the advice, I installed the sources and applied the patch, so I guess I took care of the zlib security issue The clamav error remained though but someone at the qmail rocks mailinglist suggested that clamav cannot see that zlib is patched so it is safe to ignore the error. To be on the safe side I will post the question about the error on the clamav mailing list. Yes, clamav only checks the version number in the header; it doesn't actually test the bug. -- Dan Nelson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: question about zlib security patch
On Thursday 08 September 2005 22:23, Chantal Rosmuller wrote: I was installing clamav 0.83 on a freebsd 5.4 system and I got the following error: clamav configure: error: The installed zlib version may contain a security bug I want to upgrade zlib to solve this but: - I don't know how I can see what version of zlib I have at the moment? use pkg_info|grep zlib - I found the following advice on the freebsd site: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:18.zlib.asc according to this I have to do the following: # cd /usr/src # patch /path/to/patch # cd /usr/src/lib/libz/ # make obj make depend make make install but I have no /usr/src/lib/libz/ maybe you didn't install source code when you installed your FreeBSD. You still can do it using sysinstall now. Good luck! -- Best Regards. Yuan Jue ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: question about zlib security patch
Yuan Jue wrote: On Thursday 08 September 2005 22:23, Chantal Rosmuller wrote: I was installing clamav 0.83 on a freebsd 5.4 system and I got the following error: clamav configure: error: The installed zlib version may contain a security bug I want to upgrade zlib to solve this but: - I don't know how I can see what version of zlib I have at the moment? use pkg_info|grep zlib - I found the following advice on the freebsd site: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:18.zlib.asc according to this I have to do the following: # cd /usr/src # patch /path/to/patch # cd /usr/src/lib/libz/ # make obj make depend make make install but I have no /usr/src/lib/libz/ maybe you didn't install source code when you installed your FreeBSD. You still can do it using sysinstall now. Good luck! Thank you Yuan You are right I didn't install the sourcecode, the instructions make a lot more sense now :) one other small question, pkg_info | grep zlib gave me the following output; jzlib-1.0.5_1 A re-implementation of zlib in pure Java php4-zlib-4.3.10_2 The zlib shared extension for php so no zlib? Why is that ? because I didn't install it with pkg_add? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: question about zlib security patch
On Thursday 08 September 2005 22:43, Chantal Rosmuller wrote: I was installing clamav 0.83 on a freebsd 5.4 system and I got the following error: clamav configure: error: The installed zlib version may contain a security bug I want to upgrade zlib to solve this but: - I don't know how I can see what version of zlib I have at the moment? use pkg_info|grep zlib - I found the following advice on the freebsd site: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:18.zlib.a sc according to this I have to do the following: # cd /usr/src # patch /path/to/patch # cd /usr/src/lib/libz/ # make obj make depend make make install but I have no /usr/src/lib/libz/ maybe you didn't install source code when you installed your FreeBSD. You still can do it using sysinstall now. You are right I didn't install the sourcecode, the instructions make a lot more sense now :) one other small question, pkg_info | grep zlib gave me the following output; jzlib-1.0.5_1 A re-implementation of zlib in pure Java php4-zlib-4.3.10_2 The zlib shared extension for php so no zlib? Why is that ? because I didn't install it with pkg_add? sorry, I never try clamav, so I am not sure the exact reason for that error. Maybe when you install the source code, there is no error anymore :) Or, you may need to install this port find_zlib-1.9, which can be found in /usr/ports/security/. Good luck! -- Best Regards. Yuan Jue ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: question about zlib security patch
In the last episode (Sep 08), Chantal Rosmuller said: I was installing clamav 0.83 on a freebsd 5.4 system and I got the following error: clamav configure: error: The installed zlib version may contain a security bug I want to upgrade zlib to solve this but: - I don't know how I can see what version of zlib I have at the moment? - I found the following advice on the freebsd site: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:18.zlib.asc according to this I have to do the following: # cd /usr/src # patch /path/to/patch # cd /usr/src/lib/libz/ # make obj make depend make make install but I have no /usr/src/lib/libz/ You will need to fetch the FreeBSD source tree first: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/current-stable.html#STABLE If you still have your installation CDs, you should be able to run sysinstall and just reinstall the src distribution ( Configure - Distributions - select 'src', select 'All' ). Then you can apply the patch. -- Dan Nelson [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: question about zlib security patch
On Thu, Sep 08, 2005 at 11:09:43PM +0800, Yuan Jue wrote: On Thursday 08 September 2005 22:43, Chantal Rosmuller wrote: I was installing clamav 0.83 on a freebsd 5.4 system and I got the following error: clamav configure: error: The installed zlib version may contain a security bug I want to upgrade zlib to solve this but: - I don't know how I can see what version of zlib I have at the moment? use pkg_info|grep zlib - I found the following advice on the freebsd site: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:18.zlib.a sc according to this I have to do the following: # cd /usr/src # patch /path/to/patch # cd /usr/src/lib/libz/ # make obj make depend make make install but I have no /usr/src/lib/libz/ maybe you didn't install source code when you installed your FreeBSD. You still can do it using sysinstall now. You are right I didn't install the sourcecode, the instructions make a lot more sense now :) one other small question, pkg_info | grep zlib gave me the following output; jzlib-1.0.5_1 A re-implementation of zlib in pure Java php4-zlib-4.3.10_2 The zlib shared extension for php so no zlib? Why is that ? because I didn't install it with pkg_add? sorry, I never try clamav, so I am not sure the exact reason for that error. Maybe when you install the source code, there is no error anymore :) The advice was bogus, zlib is not a package on FreeBSD. Or, you may need to install this port find_zlib-1.9, which can be found in /usr/ports/security/. That does something else again..please try not to give bad advice :-) Kris pgp1NPSfWRJUJ.pgp Description: PGP signature
Re: question about zlib security patch
On Thu, Sep 08, 2005 at 04:23:09PM +0200, Chantal Rosmuller wrote: Hi everyone, I was installing clamav 0.83 on a freebsd 5.4 system and I got the following error: clamav configure: error: The installed zlib version may contain a security bug I want to upgrade zlib to solve this but: - I don't know how I can see what version of zlib I have at the moment? - I found the following advice on the freebsd site: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:18.zlib.asc according to this I have to do the following: # cd /usr/src # patch /path/to/patch # cd /usr/src/lib/libz/ # make obj make depend make make install but I have no /usr/src/lib/libz/ Can anyone clarify this for me? Thanks! You will need to either first install the FreeBSD sources (see the handbook for full description of the many ways to do this) or upgrade your FreeBSD installation to the latest security revision, see http://www.daemonology.net/freebsd-update/ Kris pgp0K9fk3H802.pgp Description: PGP signature
Re: question about zlib security patch
On Friday 09 September 2005 01:39, Kris Kennaway wrote: I was installing clamav 0.83 on a freebsd 5.4 system and I got the following error: clamav configure: error: The installed zlib version may contain a security bug I want to upgrade zlib to solve this but: - I don't know how I can see what version of zlib I have at the moment? use pkg_info|grep zlib - I found the following advice on the freebsd site: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:18.zl ib.a sc according to this I have to do the following: # cd /usr/src # patch /path/to/patch # cd /usr/src/lib/libz/ # make obj make depend make make install but I have no /usr/src/lib/libz/ maybe you didn't install source code when you installed your FreeBSD. You still can do it using sysinstall now. You are right I didn't install the sourcecode, the instructions make a lot more sense now :) one other small question, pkg_info | grep zlib gave me the following output; jzlib-1.0.5_1 A re-implementation of zlib in pure Java php4-zlib-4.3.10_2 The zlib shared extension for php so no zlib? Why is that ? because I didn't install it with pkg_add? sorry, I never try clamav, so I am not sure the exact reason for that error. Maybe when you install the source code, there is no error anymore :) The advice was bogus, zlib is not a package on FreeBSD. Or, you may need to install this port find_zlib-1.9, which can be found in /usr/ports/security/. That does something else again..please try not to give bad advice :-) I apologize for that. Thanks for your reminding. -- Best Regards. Yuan Jue ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]