Wednesday, October 1, 2014

What is Backporting Security fixes in RHEL

Recently, while the whole Unix world was shocked by the Shellshock bug in bash, like everyone else we were scheduled to patch our servers (all of them running RHEL 5.6 Tikanga). We upgraded bash with the following command:

rpm -U bash-3.2-33.el5_11.4.x86_64.rpm

Then we checked whether the new package had been installed with the following command:

rpm -qa | grep bash

This confirmed that the new bash package, i.e. bash-3.2-33.el5_11.4.x86_64.rpm, had been installed. But when we ran the following command, it still showed the older version:

bash --version
GNU bash, version 3.2.25(1)-release (x86_64-redhat-linux-gnu)
Copyright (C) 2005 Free Software Foundation, Inc.

Then I found on the Red Hat site that this is the default behavior of RHEL. This practice is called backporting security fixes.

Backporting can be described as follows:

When a security flaw is fixed in the most recent version of an upstream software package, and that fix is applied to the older version of the package that the distribution ships, it is called backporting a security fix.

So the software version number does not change, but the fix made in the recent upstream version is integrated into the older version through the upgrade, and the package is no longer vulnerable even though it still reports the old version.
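Because "bash --version" cannot tell you whether a backported fix is present, the reliable check on RHEL is the package changelog, which lists the CVE ids each errata build addresses. The script below is an added example and not part of the original post: it parses "rpm -q --changelog bash" output for a given CVE id, and the CVE id and the changelog text it embeds are constructed placeholders.

```shell
#!/bin/sh
# Added example: verify a backported bash fix through the RPM changelog
# instead of the version string. The CVE id and changelog text are constructed.

# Constructed sample of what `rpm -q --changelog bash` prints on a patched host
# (maintainer, dates and CVE id are placeholders; the release is the one from the post).
SAMPLE_CHANGELOG='* Thu Sep 25 2014 Example Maintainer <maint@example.com> - 3.2-33.el5_11.4
- Fix CVE-YYYY-NNNN: handling of function definitions passed in environment variables
* Wed Jan 15 2014 Example Maintainer <maint@example.com> - 3.2-33.el5
- Rebuild'

# Return 0 if the changelog text ($1) references the CVE id ($2), else 1.
changelog_mentions_cve() {
    printf '%s\n' "$1" | grep -q -i -- "$2"
}

# Print the version-release of the newest changelog entry, i.e. the build
# that shipped the most recent fix (the part after " - " on the "* ..." header line).
latest_changelog_release() {
    printf '%s\n' "$1" | sed -n 's/^\* .* - \([0-9][^ ]*\)$/\1/p' | head -n 1
}

# Live check: read the real changelog where rpm exists (an RHEL host),
# otherwise fall back to the constructed sample so the script runs anywhere.
check_bash_fix() {
    cve="$1"
    if command -v rpm >/dev/null 2>&1; then
        changelog=$(rpm -q --changelog bash)
    else
        changelog="$SAMPLE_CHANGELOG"
    fi
    if changelog_mentions_cve "$changelog" "$cve"; then
        echo "fix for $cve present (newest release: $(latest_changelog_release "$changelog"))"
        return 0
    fi
    echo "fix for $cve NOT found in the bash changelog"
    return 1
}

# Usage: ./check_bash_fix.sh CVE-YYYY-NNNN
[ "$#" -ge 1 ] && check_bash_fix "$1"
```

Run it with the CVE id from the Red Hat advisory for the package you installed; a hit in the changelog, not a changed version string, is what shows the backported fix is on the host.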