The command "bash --version" does not show the correct version number after updating to the latest bash package.
Issue
-
We have installed the latest bash packages on our RHEL5/6 servers to remediate or mitigate the vulnerabilities reported in the below listed CVEs.
CVE-2014-6271
CVE-2014-7169
CVE-2014-7186
CVE-2014-7187
CVE-2014-6277
CVE-2014-6278 -
However the version numbers returned by "bash --version" appear not to have changes and do not match the rpm versions.
RHEL6.5 # rpm -q bash
bash-4.1.2-15.el6_5.2.x86_64
RHEL6.5 # bash --version
GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
RHEL5.10 # rpm -q bash
bash-3.2-33.el5_11.4
RHEL5.10 # bash --version
GNU bash, version 3.2.25(1)-release (x86_64-redhat-linux-gnu)
Copyright (C) 2005 Free Software Foundation, Inc.
Environment
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 5
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
