bash-update
Yesterday a lot of yum-updates ran to update to the latest bash-versions. Though my /bin/bash was changed last night, and yum.log shows 3.2.33 should have installed, # /bin/bash --version still shows 3.2.25 Ofcourse, also # strings /bin/bash shows old version number. Is this a policy NOT to change version-numbers ? Regards, Carel
Re: bash-update
On Thu, 2014-09-25 at 09:16 +, Werf, C.G. van der (Carel) wrote:
Yesterday a lot of yum-updates ran to update to the latest bash-versions.
Though my /bin/bash was changed last night, and yum.log shows 3.2.33 should
have installed,
# /bin/bash --version still shows 3.2.25
Ofcourse, also # strings /bin/bash shows old version number.
Is this a policy NOT to change version-numbers ?
It's worth pointing out that there has just been a serious (and possibly
remote!) bash vulnerability which this fixes.
A test is:
env X=() { :;} ; echo vulnerable /bin/bash -c echo completed
My systems were echoing vulnerable before the fix but not after.
John
Re: bash-update
Excerpts from Werf, C.G. van der (Carel)'s message of 2014-09-25 11:16:35 +0200: Yesterday a lot of yum-updates ran to update to the latest bash-versions. Though my /bin/bash was changed last night, and yum.log shows 3.2.33 should have installed, # /bin/bash --version still shows 3.2.25 Ofcourse, also # strings /bin/bash shows old version number. Is this a policy NOT to change version-numbers ? The version of bash has not changed. Only the release number. i.e additional patches ontop of bash version 3.2.25. Run rpm -q --changelog bash | less should give a clue as to patches being applied Steve Regards, Carel -- -- Steve Traylen, CERN IT.
