 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Thu, 25 Sep 2014 10:26:53 +0100 |
| Content-Type: | text/plain |
| Parts/Attachments: |
|
|
On Thu, 2014-09-25 at 09:16 +0000, Werf, C.G. van der (Carel) wrote:
> Yesterday a lot of yum-updates ran to update to the latest bash-versions.
>
> Though my /bin/bash was changed last night, and yum.log shows 3.2.33 should have installed,
> # /bin/bash --version still shows 3.2.25
>
> Ofcourse, also # strings /bin/bash shows old version number.
>
> Is this a policy NOT to change version-numbers ?
It's worth pointing out that there has just been a serious (and possibly
remote!) bash vulnerability which this fixes.
A test is:
env X="() { :;} ; echo vulnerable" /bin/bash -c "echo completed"
My systems were echoing "vulnerable" before the fix but not after.
John
|
|
|
