Redhat
[root@hostname ~]# yum clean all && yum update bash
Loading "security" plugin
Cleaning up Everything
Loading "security" plugin
base 100% |=========================| 1.1 kB 00:00
primary.xml.gz 100% |=========================| 996 kB 00:02
base : ################################################## 2791/2791
updates 100% |=========================| 1.9 kB 00:00
primary.sqlite.bz2 100% |=========================| 62 kB 00:00
extras 100% |=========================| 2.1 kB 00:00
primary.sqlite.bz2 100% |=========================| 164 kB 00:00
addons 100% |=========================| 1.9 kB 00:00
primary.sqlite.bz2 100% |=========================| 1.1 kB 00:00
Skipping security plugin, no data
Setting up Update Process
Resolving Dependencies
Skipping security plugin, no data
--> Running transaction check
---> Package bash.i386 0:3.2-33.el5_11.4 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
=============================================================================
Package Arch Version Repository Size
=============================================================================
Updating:
bash i386 3.2-33.el5_11.4 updates 1.8 M
Transaction Summary
=============================================================================
Install 0 Package(s)
Update 1 Package(s)
Remove 0 Package(s)
Total download size: 1.8 M
Is this ok [y/N]: y
Downloading Packages:
(1/1): bash-3.2-33.el5_11 100% |=========================| 1.8 MB 00:02
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : bash ######################### [1/2]
Cleanup : bash ######################### [2/2]
Updated: bash.i386 0:3.2-33.el5_11.4
Complete!
[root@hostname ~]# rpm -qa | grep bash
bash-3.2-33.el5_11.4
[root@hostname ~]# bash --version
GNU bash, version 3.2.25(1)-release (i386-redhat-linux-gnu)
Copyright (C) 2005 Free Software Foundation, Inc.
bash --version 실행 시 예전 버전이 나오는데, 이게 정상이라고 함...
참조3에서 comment에 보면 CSE Unix 가 질문함
Querry : #bash -version still showing old version of bash , although it is showing upgraded version installed in #rpm -qa | grep bash
Red Hat Guru Ranjith Rajaram 이 답
That's normal. Red Hat usually backports the fix to the existing version. bash -version will not show any difference in the output post update.
참조
- GNU Bash 원격명령 실행 취약점 대응방안 권고 : http://boho.or.kr/upload/file/EpF859.pdf
- 2014 쉘쇼크 Bash 취약점 조치 : http://jmnote.com/wiki/2014_%EC%89%98%EC%87%BC%ED%81%AC_Bash_%EC%B7%A8%EC%95%BD%EC%A0%90_%EC%A1%B0%EC%B9%98
- https://access.redhat.com/solutions/1207723