LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Closed Thread
  Search this Thread
Old 09-30-2014, 09:40 AM   #1
LYC
Member
 
Registered: Jan 2014
Posts: 100

Rep: Reputation: Disabled
bash vulnerability patch


Hi,

- We didn't purchase support from RH, is there anyway to download the patch for "bash" vulnerability for RHEL?
- Where to download the patch for "bash" vulnerability for CentOS?

Thanks in advance.
 
Old 09-30-2014, 10:15 AM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,575

Rep: Reputation: 938Reputation: 938Reputation: 938Reputation: 938Reputation: 938Reputation: 938Reputation: 938Reputation: 938
Quote:
Originally Posted by LYC View Post
Hi,

- We didn't purchase support from RH, is there anyway to download the patch for "bash" vulnerability for RHEL?
- Where to download the patch for "bash" vulnerability for CentOS?

Thanks in advance.
1) If you aren't paying RH for support you should uninstall RHEL, I believe that's part of the contract agreement.
2) If your CentOS servers are configured correctly then "yum update bash" should work just fine.
 
1 members found this post helpful.
Old 09-30-2014, 10:41 AM   #3
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 19,329

Rep: Reputation: 4473Reputation: 4473Reputation: 4473Reputation: 4473Reputation: 4473Reputation: 4473Reputation: 4473Reputation: 4473Reputation: 4473Reputation: 4473Reputation: 4473
Quote:
Originally Posted by LYC View Post
Hi,
- We didn't purchase support from RH, is there anyway to download the patch for "bash" vulnerability for RHEL?
Yes...you contact Red Hat, and PAY FOR RHEL.
Quote:
- Where to download the patch for "bash" vulnerability for CentOS?
Through the CentOS repositories....which may (or may NOT) work correctly with your unlicensed RHEL server, and may (or may NOT) cause problems with your unlicensed RHEL server. There's no way of knowing, since you don't say what version of RHEL you're using, and how far out of date/patch-level you're already at. Fixing bash may cause other problems...and it may not even be POSSIBLE, if your system is too far off kilter already.

If you want your server to be stable, then call Red Hat, pay for support, and use the certified repositories. If you don't want to pay, stop where you are, and do a fresh install of CentOS instead, and move forward.
 
Old 09-30-2014, 10:43 AM   #4
LYC
Member
 
Registered: Jan 2014
Posts: 100

Original Poster
Rep: Reputation: Disabled
Hi,

Correct me that once the support contract with RH, it is not allow to continue use RH?
 
Old 09-30-2014, 11:20 AM   #5
knudfl
LQ 5k Club
 
Registered: Jan 2008
Location: Copenhagen, DK
Distribution: pclos2017 CentOS6.9 CentOS7.4 + 50+ other Linux OS, for test only.
Posts: 16,758

Rep: Reputation: 3329Reputation: 3329Reputation: 3329Reputation: 3329Reputation: 3329Reputation: 3329Reputation: 3329Reputation: 3329Reputation: 3329Reputation: 3329Reputation: 3329
← #4 .

There is no reason to use an RHEL OS with no license.
! You cannot get updates or packages.

Solution : Migrate the OS to CentOS
http://wiki.centos.org/HowTos/MigrationGuide

-
 
Old 09-30-2014, 11:36 AM   #6
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 19,329

Rep: Reputation: 4473Reputation: 4473Reputation: 4473Reputation: 4473Reputation: 4473Reputation: 4473Reputation: 4473Reputation: 4473Reputation: 4473Reputation: 4473Reputation: 4473
Quote:
Originally Posted by LYC View Post
Hi,
Correct me that once the support contract with RH, it is not allow to continue use RH?
What??? If you get under support with Red Hat, then you get support from Red Hat. You can USE RHEL as long as you want for free, but you WILL NOT get support/patches/fixes, simple as that.

So, again...either pay for RHEL, and get the certified patches/updates, or migrate/load CentOS instead. Again, you don't say what version of RHEL you're using...if it's anything less than 5.10, you may not be able to purchase ANY support AT ALL, since it's too old.
 
Old 09-30-2014, 12:09 PM   #7
szboardstretcher
Senior Member
 
Registered: Aug 2006
Location: Detroit, MI
Distribution: GNU/Linux systemd
Posts: 4,211

Rep: Reputation: 1612Reputation: 1612Reputation: 1612Reputation: 1612Reputation: 1612Reputation: 1612Reputation: 1612Reputation: 1612Reputation: 1612Reputation: 1612Reputation: 1612
If you want to be fancy, you can download the patched Source RPMS directly from RH and compile them...
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Concern over Bash vulnerability grows as exploit reported “in the wild” LXer Syndicated Linux News 0 09-26-2014 03:51 AM
LXer: Samba patch fixes critical vulnerability LXer Syndicated Linux News 0 08-04-2014 02:50 PM
Can't inject x00 value with bash-printf using string format vulnerability in x64 kaos_npc Programming 5 05-27-2014 03:14 PM
LXer: Critical Java vulnerability made possible by earlier incomplete patch LXer Syndicated Linux News 0 01-12-2013 04:12 PM
Patch of vulnerability CVE:2007-5001 nnetala Linux - Newbie 0 06-26-2008 04:27 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:12 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration