On Fri, Sep 26, 2014 at 3:24 PM, <m.roth@xxxxxxxxx> wrote:
> Jessica Blank wrote:
>> Good afternoon!
>>
>> After applying the latest bash RPM listed at
>> http://lists.centos.org/pipermail/centos-announce/2014-September/020594.html
>> :
>> The fixed RPM (bash-3.2-33.el5_10.4.x86_64.rpm) DOES work just fine on
>> CentOS 5.10. However, it DOES NOT work on CentOS 5.4. That is, bash runs
>> fine, but IS STILL VULNERABLE TO SHELLSHOCK!
>>
>> Scary screenie at: http://i.imgur.com/yR7sBjV.png
>>
>> It looks like the released RPM somehow behaves DIFFERENTLY on 5.4 as
>> opposed to 5.10.
>>
>> This has been validated by one of my coworkers; it's apparently not just
>> me.
>
> Please note that the rpm is only for 5.10. You need to look around to see
> if there *is* an update for 5.4....
Not necessarily. The whole point of the way 'enterprise' OS versions
keep their library APIs consistent means you can usually any package
without breaking things - and that should apply to internal packages
as well as your own. And system packages that need specific versions
should say so in their rpm dependencies to bring them along if you try
to update.
--
Les Mikesell
lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
