
OS X bash Update 1.0 released for Mavericks, Mountain Lion and Lion

  • September 29, 2014
  • 48 replies
  • 180 views

  • Valued Contributor
  • September 30, 2014

I would think Apple made that requirement for a reason, like it's depending on some library that only exists in 10.9.5, or if you are actually security conscious you have the .5 version of the OS so that you have all the other security updates that have been released. Just a guess though.


  • Contributor
  • September 30, 2014

I agree. I was just looking for a quicker way to get this pushed out. Thx.


  • Valued Contributor
  • September 30, 2014

Make a policy to update machines to .5.
Make another policy that, when a machine is at .5, pushes the bash update. 10 seconds to do it right, who knows how long to look for a way around right, then testing if your workaround really worked and didn't cause some other problem.


  • Contributor
  • September 30, 2014

Yup again agreed. The problem for us is that the .5 OS updates require reboots. Tough to gauge when users will be shutting down if at all. Since most of our Mac users are execs, I'll need to coordinate it a bit more. Thanks for your help.


  • Contributor
  • September 30, 2014

@mm2270 Because it was brainless and easy. Composer would not let me drag the file into Casper Admin as I had not extracted the package.


  • Honored Contributor
  • September 30, 2014

I made a package on a 10.9.5 machine and am pushing it to 10.9.4 machines without issue.

Updating machines to .5 isn't easily done here where students are closing lids on laptops every 30 minutes. And our students almost never reboot as well.


emily
  • Hall of Fame
  • September 30, 2014

I'm having the same issue right now. Policy with the .pkg for 10.9.5 and 10.8.5 (separate policies, natch) is great, but getting those stragglers up to 10.9.5 is the real challenge. I still haven't found a software update policy that really works in our environment. I need to be able to let people defer on a rolling basis and after a certain amount of attempts, kind of like Windows Intune. That may be a whole other issue, though…


  • Valued Contributor
  • September 30, 2014

Emily,
If you search around you can find scripts that will pretty much let you do the updates the way you are describing. To match exactly what you want might take a little editing, but I do this based on a prompt my users can defer three times and then it is forced. Sorry for going off topic.


  • Honored Contributor
  • September 30, 2014

Anyone apply this patch to their JSS server(s) yet? I have applied it to our DPs but not the main servers as of yet. Outcome if you have patched?


  • Contributor
  • September 30, 2014

I patched my OSX 10.6 with JSS 8.73 and it returns version 3.2.53. So far the server has been okay and it is being used today!


chris_kemp
  • Jamf Heroes
  • September 30, 2014

I patched one of our JSS servers this morning, no problems so far.


  • Contributor
  • September 30, 2014

I am having a problem with my 10.8.5 smart group reporting the wrong version of the OS.

I used the same criteria for 10.9.5 and that is working, but 10.8.5 is not working. Did anyone else see the same?

For 10.9.5, I downloaded on 10.9.5 and then used Composer to create a source.

For 10.8.5 I just extracted the package because I did not have 10.8.5 or 10.7.5 handy???
It says it succeeded, but when you check the bash version, it is not updated.


  • Contributor
  • September 30, 2014

You shouldn't need Composer if you are using the Apple-supplied patch. Just drag each .pkg (x3 if you have 10.7,8,9.5) into the Casper Admin window.

I did run into an issue where the 10.8.5 patch would not run on a 10.8.5 machine... it turned out 10.8.5 wasn't enough for the .pkg, it actually wants "10.8.5 with the OS X Mountain Lion 10.8.5 Supplemental Update" http://support.apple.com/kb/DL1686. Apparently 10.8.5.1 would have been too easy.

I ran the 10.8.5 Combo update on the 10.8.5 machine and the patch worked after that.
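
Added example, not part of any post in this thread and not Jamf's or Apple's code: a shell script in the style of an extension attribute that sorts a Mac into the rollout stages discussed above, so an install that "succeeds" without changing bash is still caught. The function names and status labels are hypothetical; the 3.2.53 threshold is the version a poster above reports after patching, the OS list is the one the thread gives, and the sample version strings in the comments are constructed.

```shell
#!/bin/sh
# Added example: classify a Mac from its OS version and `bash --version` line.

PATCHED_PATCHLEVEL=53   # 3.2.53 is what a poster in this thread sees after patching

# Pull "3.2.NN" out of a line such as (constructed sample):
#   GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)
parse_bash_version() {
    printf '%s\n' "$1" |
        sed -n 's/.*version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# OS releases the thread says the Apple .pkg accepts. 10.8.5 also needs the
# Supplemental Update, which this version string alone cannot show.
os_is_eligible() {
    case "$1" in
        10.9.5|10.8.5|10.7.5) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one of: patched, ready, needs-os-update, unknown
classify() {
    os=$1
    ver=$(parse_bash_version "$2")
    case "$ver" in
        3.2.*) ;;                       # Apple's bash branch on these releases
        *) echo "unknown"; return 0 ;;  # unparsable, or a branch this threshold does not cover
    esac
    if [ "${ver##*.}" -ge "$PATCHED_PATCHLEVEL" ]; then
        echo "patched"
    elif os_is_eligible "$os"; then
        echo "ready"
    else
        echo "needs-os-update"
    fi
}

# Extension-attribute style output on a Mac; prints "unknown" elsewhere.
if command -v sw_vers >/dev/null 2>&1; then
    os_now=$(sw_vers -productVersion)
else
    os_now=""
fi
echo "<result>$(classify "$os_now" "$(/bin/bash --version 2>/dev/null | head -n 1)")</result>"
```

A machine that stays at "ready" after the policy reports success is the case described above, where the installer ran but bash was not replaced.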


mm2270
  • Legendary Contributor
  • September 30, 2014

So, 10.8.5 Supplemental is required, as I speculated here


  • Contributor
  • October 1, 2014

@CasperSally

Just curious on how you packaged up the update on a 10.9.5 machine. I ran a Composer snapshot but after I ran the installer and finished running Composer it did not include any of the files that were supposedly installed. Checked the bash version and it was updated. I don't want to have to update all my 10.9.4 machines particularly since there have been reports of AD binding issues. Don't want to go down that road again.... Thanks


  • Honored Contributor
  • October 1, 2014

TimC (for some reason Jamfnation won't let me @ reply you) - I opened the package in Pacifist looking for the part that requires 10.9.5 to edit it to 10.9.4 but I couldn't find it, unfortunately. It did give a nice visual of exactly what files are included in the package.

So on a test machine, I installed combo update 10.9.5, then used Composer to do a new/modified snapshot and it came back with every file that showed in Pacifist. I did have to delete some extra junk (the negative of doing snapshots), but otherwise all was well. Maybe you didn't select new/modified snapshot?


  • Contributor
  • October 14, 2014

Has anyone heard why this isn't being pulled into local SUSs? My SUS has pulled all the recent printer updates and 10.9.5 but not the bash updates.


emily
  • Hall of Fame
  • October 14, 2014

I was under the impression that this was never pushed through the software update catalog from Apple.


mm2270
  • Legendary Contributor
  • October 14, 2014

Right. It has not shown up there, and may never show up. You're on your own for getting it and deploying it.
I would assume Apple is rolling this update into Yosemite though (I hope). I don't anticipate any new updates for 10.9 and lower at this point.
I don't get the decision to not have this show up in SUS though. It doesn't make much sense to me.


  • Contributor
  • October 14, 2014

@mm2270 Seems like you're right but I still don't understand why they wouldn't push out a fix for a major bug.


mm2270
  • Legendary Contributor
  • October 14, 2014

Because apparently Apple doesn't view it as a major bug. Truth is, the actual impact to "normal" OS X users is fairly slim. The larger danger for the masses is connecting to possibly outdated and compromised routers or open connections. Since so many small devices out there use embedded Linux distros for their web-enabled UI, it's remotely possible some of them are using an old version of bash which is affected and could end up compromised.

Still, I agree that something like this really should just get put in Apple's SUS. There's no logical reason I can come up with not to do that, so Apple's decision is perplexing. It's a tiny patch and requires no reboot.


  • Contributor
  • October 14, 2014

Hmmm, maybe they're still working on a final update that will be put onto SUS.


  • Honored Contributor
  • October 17, 2014

Has anyone had success installing the latest security update 2014-005 Mavericks on slightly older OS versions (i.e. 10.9.4)?

http://support.apple.com/kb/DL1772