Subject: | |
From: | |
Reply To: | |
Date: | Thu, 25 Sep 2014 10:26:53 +0100 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
On Thu, 2014-09-25 at 09:16 +0000, Werf, C.G. van der (Carel) wrote:
> Yesterday a lot of yum-updates ran to update to the latest bash-versions.
>
> Though my /bin/bash was changed last night, and yum.log shows 3.2.33 should have installed,
> # /bin/bash --version still shows 3.2.25
>
> Ofcourse, also # strings /bin/bash shows old version number.
>
> Is this a policy NOT to change version-numbers ?
It's worth pointing out that there has just been a serious (and possibly
remote!) bash vulnerability which this fixes.
A test is:
env X="() { :;} ; echo vulnerable" /bin/bash -c "echo completed"
My systems were echoing "vulnerable" before the fix but not after.
John
|
|
|