[CentOS] Critical update for bash released today.

Thu Sep 25 13:55:36 UTC 2014
Johnny Hughes <johnny at centos.org>

On 09/25/2014 01:07 AM, Michael Schumacher wrote:
> good morning,
>>>> You should 'yum update' as soon as possible to resolve this issue.
> I installed the update on C5 and C6 machines, but I do not see any
> difference in the output of "bash --version". Is that the expected
> behaviour?
> C5 returns
> ---8<---
> GNU bash, version 3.2.25(1)-release (x86_64-redhat-linux-gnu)
> Copyright (C) 2005 Free Software Foundation, Inc.
> ---<8---
> and C6 returns
> ---8<---
> GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)
> Copyright (C) 2009 Free Software Foundation, Inc.
> ---8<---
> before and after the update!
> best regards
> ---
> Michael Schumacher
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos

That is not the way to check if you have the update installed.  That is
the major upstream bash version on which the Red Hat version is based
... this will likely never change throughout the lifetime of each
individual man branch of CentOS .. that is, CentOS-5 will likely always
say 3.2.25(1)-release, CentOS-6 will likely always say 4.1.2(1)-release,

What you need to do to check the version is this:

rpm -q bash

the result should be (if you have the update):

for c5:   bash-3.2-33.el5.1

for c6:   bash-4.1.2-15.el6_5.1

for c7:   bash-4.2.45-5.el7_0.2

Note: Some people may have ARCH enabled in their RPM commands, so a
.i386, .i686, .x86_64 might be on the end of the above output, so for
c7, it might say:  bash-4.2.45-5.el7_0.2.x86_64

Johnny Hughes

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos/attachments/20140925/6c773ff0/attachment-0003.sig>