I'm trying to update a CentOS 5 system in order to patch the bash vulnerability described in CVE-2014-6271 / RHSA-2014:1293-1, but am running into an issue.
After seemingly-successfully updating bash via yum update bash
and restarting the server, yum list bash
lists the installed version as patched (3.2.33.e15.1) but /bin/bash --version
is displaying 3.2.25(1)-release.
By all accounts (via rpm -ql bash
), the binary location is correct and find / -name bash
only returns that one location.
Any thoughts as to why the version discrepancy might be occuring?