Bash Vulnerability in CentOS

Dear Rocks Community,
There is a particularly troublesome vulnerability in bash for which RedHat and CentOS published fixes today (24 Sep 2014).

The description of the bug can be found at the following URLs
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
https://access.redhat.com/security/cve/CVE-2014-6271
http://seclists.org/oss-sec/2014/q3/650

The following recipe should enable you to update every node in your cluster. This is tested on Rocks 6.1 and 6.1.1.
On your frontend:
on 6.1:

yumdownloader --enablerepo=updates --destdir=/export/rocks/install/contrib/6.1/x86_64/RPMS/ bash

on 6.1.1:
yumdownloader --enablerepo=updates --destdir=/export/rocks/install/contrib/6.1.1/x86_64/RPMS/ bash

Then,
cd /export/rocks/install
rocks create distro
rocks run host % "yum clean all; yum -y update bash"

Notes:

  1. the run host command will attempt to run on all hosts (even if you have switches). You can be more precise if you just have a frontend and compute nodes with rocks run host frontend compute "yum clean all; yum update bash"
  2. the version of the bash rpm should be bash-4.1.2-15.el6_5.1.x86_64.rpm. Note the _5 in the version name. The build date is 24 Sep 2014.
  3. by copying the updated rpm into your distro, any future re-installs of nodes will automatically install the correct version.