We have installed the latest bash packages on our RHEL5/6 servers to remediate or mitigate the vulnerabilities reported in the below listed CVEs.
However the version numbers returned by "bash --version" appear not to have changes and do not match the rpm versions.
RHEL6.5 # rpm -q bash bash-4.1.2-15.el6_5.2.x86_64 RHEL6.5 # bash --version GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu) Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software; you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law.
RHEL5.10 # rpm -q bash bash-3.2-33.el5_11.4 RHEL5.10 # bash --version GNU bash, version 3.2.25(1)-release (x86_64-redhat-linux-gnu) Copyright (C) 2005 Free Software Foundation, Inc.
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 5
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.