2

I'm trying to resolve the recent Shellshock exploit; however, every time I run "yum update" or "yum update bash", it plainly says everything is up to date.

I'm pretty frustrated at the issue and probably missed a small thing which I have yet to find out...

I would extremely appreciate assistance, cheers!

Using CentOS 6.5 64-bit, just so you know!

An example of updating:

    sudo yum update bash
    Loaded plugins: fastestmirror, security
    Loading mirror speeds from cached hostfile
     * epel: mirror.hmc.edu
    Setting up Update Process
    No Packages marked for Update

Kenster
Lorenc
  • give us the output of `yum list bash` – Safado Sep 26 '14 at 13:48
  • Also, run this to check if you're vulnerable `env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"` – Safado Sep 26 '14 at 13:49
  • `# yum list bash Loaded plugins: fastestmirror, security Loading mirror speeds from cached hostfile * epel: mirror.hmc.edu Installed Packages bash.x86_64 4.1.2-15.el6_4 @anaconda-CentOS-201311291202.x86_64/6.5` and yes it is vulnerable – Lorenc Sep 26 '14 at 13:53
  • Did you disable the main CentOS repository? Because that's where you're going to get the update, not from EPEL. – Safado Sep 26 '14 at 13:54
  • Could be, I'm not that sure myself. I did fetch some more repositories like REMI and IUS just recently, but that didn't make a difference. But that's irrelevant :( How may I enable it again (I'm under the assumption it's disabled)? – Lorenc Sep 26 '14 at 13:59
  • Well, from your example output it shows that yum is only searching in EPEL. Remi and IUS aren't even listed. Figure out why it's not querying the CentOS repos and you'll figure it out. If you can't figure it out, you can always go fetch the rpm manually and install it. – Safado Sep 26 '14 at 14:44

2 Answers

4

Do you have the updates repository enabled? Confirm with `yum repolist all` that the updates repository is available and enabled.

If you have the updates repository disabled you can enable the repository for a single yum command with:

    yum --enablerepo=updates update bash

or permanently by editing the /etc/yum.repos.d/CentOS-Base.repo configuration file.

Second, sometimes it helps if you clean the yum caches, with `yum clean all`.

HBruijn
  • Tried the first command, didn't really do anything. Then I typed `yum clean all` and I believe that just created more errors, like some mirrors give me 404 errors. Additionally, updates is enabled as well. I'm still unsure. – Lorenc Sep 26 '14 at 14:03
1

Turns out I had bad repositories!

Edit /etc/yum.repos.d/CentOS-Base.repo:

    [base]
    name=CentOS-$releasever - Base
    baseurl=http://ftp.osuosl.org/pub/centos/$releasever/os/$basearch/
    gpgcheck=1
    gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6

    [updates]
    name=CentOS-$releasever - Updates
    baseurl=http://ftp.osuosl.org/pub/centos/$releasever/updates/$basearch/
    gpgcheck=1
    gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6

    [extras]
    name=CentOS-$releasever - Extras
    baseurl=http://ftp.osuosl.org/pub/centos/$releasever/extras/$basearch/
    gpgcheck=1
    gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6

    [centosplus]
    name=CentOS-$releasever - Plus
    baseurl=http://ftp.osuosl.org/pub/centos/$releasever/centosplus/$basearch/
    gpgcheck=1
    gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6

    [contrib]
    name=CentOS-$releasever - Contrib
    baseurl=http://ftp.osuosl.org/pub/centos/$releasever/contrib/$basearch/
    gpgcheck=1
    enabled=0
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

This fixed it for me. Just type `yum clean all` after you're done editing the file, and `yum update` after that, and it should work.

Lorenc
  • 1
    What do you mean by "bad repositories"? What's bad about them? And I do not even have such a file CentOS-Base.repo... – dokaspar Aug 07 '15 at 15:12
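
Both answers come down to whether yum can see an enabled `base` and `updates` repository, since that is where the patched bash package is published. The script below is an added example, not part of the original question or answers: it parses the `.repo` files in a directory and reports which required repositories are missing or disabled. The function names (`list_repos`, `check_required`, `make_sample`) and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report which yum repos a host would actually consult.

# Print "<repo-id> <enabled 0|1> <gpgcheck value|unset>" for every section
# in DIR/*.repo. yum treats a section with no "enabled" line as enabled;
# an unset gpgcheck is inherited from [main] in /etc/yum.conf.
list_repos() {
    awk '
        function val(s) { sub(/^[^=]*=[ \t]*/, "", s); sub(/[ \t\r]+$/, "", s); return s }
        function emit() { if (id != "") print id, en, gc }
        /^[ \t]*\[.*\]/ {
            emit(); id = $0
            sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
            en = 1; gc = "unset"; next
        }
        /^[ \t]*enabled[ \t]*=/  { en = (tolower(val($0)) ~ /^(0|no|false)$/) ? 0 : 1 }
        /^[ \t]*gpgcheck[ \t]*=/ { gc = val($0) }
        END { emit() }
    ' "$1"/*.repo
}

# Print each required repo id that is missing or disabled under DIR.
check_required() {
    dir=$1; shift
    repos=$(list_repos "$dir")
    for want in "$@"; do
        echo "$repos" | awk -v w="$want" '$1 == w && $2 == 1 { ok = 1 } END { exit !ok }' \
            || echo "$want"
    done
}

# Constructed sample directory (not the asker's real files).
make_sample() {
    mkdir -p "$1"
    printf '[epel]\nname=EPEL 6\nenabled=1\ngpgcheck=1\n' > "$1/epel.repo"
    printf '[base]\nname=Base\ngpgcheck=1\n\n[updates]\nname=Updates\nenabled=0\n' \
        > "$1/CentOS-Base.repo"
}

tmp=$(mktemp -d)
make_sample "$tmp"
list_repos "$tmp"
echo "missing or disabled: $(check_required "$tmp" base updates | tr '\n' ' ')"
rm -rf "$tmp"
```

On a real host, run `check_required /etc/yum.repos.d base updates`; any id it prints is a repository yum will not search for the bash update.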