Bash Vulnerability in CentOS

Dear Rocks Community,
There is a particularly troublesome vulnerability in bash for which RedHat and CentOS published fixes today (24 Sep 2014).

The description of the bug can be found at the following URLs

The following recipe should enable you to update every node in your cluster. This is tested on Rocks 6.1 and 6.1.1.
On your frontend:
on 6.1:

yumdownloader --enablerepo=updates --destdir=/export/rocks/install/contrib/6.1/x86_64/RPMS/ bash

on 6.1.1:
yumdownloader --enablerepo=updates --destdir=/export/rocks/install/contrib/6.1.1/x86_64/RPMS/ bash

cd /export/rocks/install
rocks create distro
rocks run host % "yum clean all; yum -y update bash"


  1. the run host command will attempt to run on all hosts (even if you have switches). You can be more precise if you just have a frontend and compute nodes with rocks run host frontend compute "yum clean all; yum update bash"
  2. the version of the bash rpm should be bash-4.1.2-15.el6_5.1.x86_64.rpm. Note the _5 in the version name. The build date is 24 Sep 2014.
  3. by copying the updated rpm into your distro, any future re-installs of nodes will automatically install the correct version.