On Fri, Sep 26, 2014 at 3:24 PM, m.roth@5-cent.us wrote:
Jessica Blank wrote:
Good afternoon!
After applying the latest bash RPM listed at http://lists.centos.org/pipermail/centos-announce/2014-September/020594.html : The fixed RPM (bash-3.2-33.el5_10.4.x86_64.rpm) DOES work just fine on CentOS 5.10. However, it DOES NOT work on CentOS 5.4. That is, bash runs fine, but IS STILL VULNERABLE TO SHELLSHOCK!
Scary screenie at: http://i.imgur.com/yR7sBjV.png
It looks like the released RPM somehow behaves DIFFERENTLY on 5.4 as opposed to 5.10.
This has been validated by one of my coworkers; it's apparently not just me.
Please note that the rpm is only for 5.10. You need to look around to see if there *is* an update for 5.4....
Not necessarily. The whole point of the way 'enterprise' OS versions keep their library APIs consistent means you can usually any package without breaking things - and that should apply to internal packages as well as your own. And system packages that need specific versions should say so in their rpm dependencies to bring them along if you try to update.