| 2022-04-21 22:59:50 |
Casey Boettcher |
description |
While investigating a potentially compromised system, I ran `bash --version` and got the following:
`GNU bash, version 4.4.20(1)-release (x86_64-pc-linux-gnu)`
Disquieting, given that I had just installed a package named `bash_4.4.18-2ubuntu1.3_amd64.deb`. I downloaded the `.deb` archive and, upon extracting it, checked its hash (SHA256) against the instance on my path. They were the same (`15d4469eb3da716fefcc0c395a5b1d1657ad0555ec3ae623e727bb0dfcee19cf`).
Why is the version reported by the binary different from the version used to denote the package? |
While investigating a potentially compromised system, I ran `bash --version` and got the following:
`GNU bash, version 4.4.20(1)-release (x86_64-pc-linux-gnu)`
Disquieting, given that I had just installed a package named `bash_4.4.18-2ubuntu1.3_amd64.deb`. I downloaded the `.deb` archive and, upon extracting it, checked its hash (SHA256) against the instance on my path. They were the same (`15d4469eb3da716fefcc0c395a5b1d1657ad0555ec3ae623e727bb0dfcee19cf`)--indicating, presumably, that I was running whatever version was in the `.deb` I'd just downloaded.
Why is the version reported by the binary different from the version used to denote the package? |
|
