bash version doesn't change after shellshock update

Latest response

I noticed that the bash version (bash --version) did not change after applying the updated rpm. RPM reports the correct version number and the RH vulnerability checker script says everything is good. I even tried rebooting the server; nothing changed. This happened in RHEL5 32-bit & 64-bit and RHEL4 32-bit. Has anyone else seen this behavior?

xxxxx:/home/cbristol> bash --version
GNU bash, version 3.2.25(1)-release (i386-redhat-linux-gnu)

xxxxx:/home/cbristol> sudo rpm -Uvh bash-3.2-33.el5_11.4.i386.rpm
warning: bash-3.2-33.el5_11.4.i386.rpm: Header V3 DSA signature: NOKEY, key ID 1e5e0159
Preparing... ########################################### [100%]
1:bash ########################################### [100%]

xxxxx:/home/cbristol> bash --version
GNU bash, version 3.2.25(1)-release (i686-redhat-linux-gnu)

xxxxx:/home/cbristol> rpm -q bash
bash-3.2-33.el5_11.4

xxxxx:/home/cbristol> ./shellshock-test.sh
This system is safe from CVE-2014-6271 https://access.redhat.com/security/cve/CVE-2014-6271
This system is safe from CVE-2014-7169 https://access.redhat.com/security/cve/CVE-2014-7169

Responses

That is due to the backporting policy.

Very interesting. Thank you for providing the link!

rpm -qi bash

will show you detailed date and version and release number information.

rpm -q --changelog bash

will show you what bugs were fixed, sometimes with CVE numbers.

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.