On 3/29/11 6:29 AM, "Russ Tyndall" <fitz...@redshanksoftware.com> wrote:
> > On Mar 27, 2011, at 2:31 AM, Al Varnell wrote: > >> Some Mac users will recall that several months back we discussed the bzip2 >> bug and I filed a bug report with Apple when it wasn't included in their >> previous updates back in November. They acknowledged they were working on >> it and promised it would be out shortly. Last Monday they posted updates to >> both Mac OS X 10.5.8 and 10.6.6 which purports to fix the bug (forwarded >> below). > > For older machines (10.4) what is the best way to update bzip2? > Mac OS X 10.4 probably has bigger security issues for you than bzip2 as there have been no updates since Sep 2009. > Do I need to put MacPorts on every machine? Or can updated bzip2 files be > manually installed? Obviously, I am going to have to go third-party. > I can't think of any reason you couldn't just download and compile the source from <http://bzip.org/> and install all the files for v1.0.6. I don't really know what the OS uses bzip2 for, other than decompressing .bz2 files that it runs across, but there could potentially be OS compatibility issues. I'm aware of several folks who have been using v1.0.6 since it came out, at least one of whom is running 10.4 and have not reported having any issues. > If bzip2 is not updated, will clamd be unstable? > I know clamav (freshclam) needs bzip2 to decompressing signature database .cvd files. The scanners undoubtedly use it to decompress .bz2 files they encounter. If any of these files are malformed to trigger the security bug, then they could potentially be a problem, but I have no idea how common such files are. -Al- -- Al Varnell Mountain View, CA _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
