The command "bash --version" does not show the correct version number after updating to the latest bash package.
Issue
-
We have installed the latest bash packages on our RHEL5/6 servers to remediate or mitigate the vulnerabilities reported in the below listed CVEs.
CVE-2014-6271
CVE-2014-7169
CVE-2014-7186
CVE-2014-7187
CVE-2014-6277
CVE-2014-6278 -
However the version numbers returned by "bash --version" appear not to have changes and do not match the rpm versions.
RHEL6.5 # rpm -q bash
bash-4.1.2-15.el6_5.2.x86_64
RHEL6.5 # bash --version
GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
RHEL5.10 # rpm -q bash
bash-3.2-33.el5_11.4
RHEL5.10 # bash --version
GNU bash, version 3.2.25(1)-release (x86_64-redhat-linux-gnu)
Copyright (C) 2005 Free Software Foundation, Inc.
Environment
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 5
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
