[CentOS] URGENT! Shellshock fix DOES NOT fix the bug on CentOS 5.4
Lamar Owen
lowen at pari.edu
Mon Sep 29 15:36:28 UTC 2014
On 09/29/2014 04:15 AM, lhecking at users.sourceforge.net wrote:
> William Woods writes:
>> 5.4 ? really???. 5.4 ? you have a lot of other issues to worry about.
>
> Repeating it three times doesn't make an arrogant statement more true.
>
> There are corporate environments that cannot upgrade for various reasons.
> Also, the history and performance of e.g autofs on RHEL/CentOS is truly
> awful. 5.4 does quite well in this regard, and later releases don't.
>
...
I read the thread before replying, and didn't see anyone mention that,
if one needs an open source stay-on-a-point-release setup, one should
investigate Scientific Linux, which does do this. Yes, you can stay on
5.4 and get only the security updates. This is one of the differences
between SL and CentOS. (now, they only build for releases where
upstream releases sources; thus, if you're on EL4, no updates for you.....).
The latest shellshock update from SL, for SL 5.4 x86_64 (which would
install on C5.4 unmodified, I would imagine), is:
ftp://ftp.scientificlinux.org/linux/scientific/54/x86_64/updates/security/bash-3.2-33.el5_11.4.x86_64.rpm
For certain scientific applications, there are serious reasons to stay
at a point release, and SL supplies to this niche.
If I were to need this specific niche here I would run SL at a point
release without hesitation.
More information about the CentOS
mailing list