[CentOS] URGENT! Shellshock fix DOES NOT fix the bug on CentOS 5.4

Akemi Yagi

amyagi at gmail.com
Mon Sep 29 15:49:44 UTC 2014


On Mon, Sep 29, 2014 at 8:36 AM, Lamar Owen <lowen at pari.edu> wrote:

> I read the thread before replying, and didn't see anyone mention that, if
> one needs an open source stay-on-a-point-release setup, one should
> investigate Scientific Linux, which does do this.  Yes, you can stay on 5.4
> and get only the security updates.  This is one of the differences between
> SL and CentOS.  (now, they only build for releases where upstream releases
> sources; thus, if you're on EL4, no updates for you.....).
>
> The latest shellshock update from SL, for SL 5.4 x86_64 (which would install
> on C5.4 unmodified, I would imagine), is:
> ftp://ftp.scientificlinux.org/linux/scientific/54/x86_64/updates/security/bash-3.2-33.el5_11.4.x86_64.rpm
>
> For certain scientific applications, there are serious reasons to stay at a
> point release, and SL supplies to this niche.
>
> If I were to need this specific niche here I would run SL at a point release
> without hesitation.

This is one of the reasons why I run SL on a computer that needs to
stay at an earlier version because of certain in-house software. A
little more detailed description about how security updates are
provided in SL can be found near the bottom of this blog:

http://blog.toracat.org/2013/05/install-security-updates-in-rhel/

Akemi



More information about the CentOS mailing list