To complete @Terry's answer: MD5 is thoroughly broken for collisions, but only very slightly weakened for preimages and second preimages. Best known attack has cost 2123.4 (see the article), which is stupendously infeasible with existing technology, but, from an academic point of view, somewhat better than the expected 2127 resistance that a perfect hash function with a 128-bit output should offer.
SHA-256 is the current "default hash function" which you should use for anything which requires a hash function, unless some specific context characteristics warrant another function. However, replacing MD5 for integrity checks is not a critical emergency; no need to get all worried on it.
While MD5 is still fine for the purpose of integrity check, you must realize that this only translates the issue: you still have to make sure that you use the correct hash value. For instance, make sure that you get the hash value from an HTTPS Web site (from a reputable server). Hash values are small enough to allow for some extra mechanisms: you can write them down on paper or dictate them by phone, for instance, which you could not do with a 3 GB archive.