While investigating a potentially compromised system, I ran `bash --version` and got the following:
`GNU bash, version 4.4.20(1)-release (x86_64-pc-linux-gnu)`
Disquieting, given that I had just installed a package named `bash_4.4.18-2ubuntu1.3_amd64.deb`. I downloaded the `.deb` archive and, upon extracting it, checked its hash (SHA256) against the instance on my path. They were the same (`15d4469eb3da716fefcc0c395a5b1d1657ad0555ec3ae623e727bb0dfcee19cf`).
Why is the version reported by the binary different from the version used to denote the package?
While investigating a potentially compromised system, I ran `bash --version` and got the following:
`GNU bash, version 4.4.20(1)-release (x86_64- pc-linux- gnu)`
Disquieting, given that I had just installed a package named `bash_4. 4.18-2ubuntu1. 3_amd64. deb`. I downloaded the `.deb` archive and, upon extracting it, checked its hash (SHA256) against the instance on my path. They were the same (`15d4469eb3da7 16fefcc0c395a5b 1d1657ad0555ec3 ae623e727bb0dfc ee19cf` ).
Why is the version reported by the binary different from the version used to denote the package?