A critical vulnerability has been found in Bash, which affects almost all Linux/Unix distributions that use or have it installed. Luckily, there is a easy way to test to see if your version is vulnerable using a command line. Depending on your version of Linux, a patch may already be available and ready to install. Others way take a few days to issue a fix for your system.
For more information, see the following notice:
CVE-2014-6271, Bash Code Injection Vulnerability via Specially Crafted Environment Variables.
Testing for vulnerability
To test if your version of Bash is vulnerable to this issue, run the following command:
If you see the following output, your version is vulnerable and should be patched immediately:
If you see the following, your version is safe and unaffected:
To update your version of bash, you can use one of the following commands:
I’ve found that even the Mac OS X version of bash is vulnerable and needs to be patched. For this, you’ll need to wait for Apple to issue an update for the OS itself.
Apple has released a downloadable patch to update Bash on Mac OS X Mavericks (v10.9.5). The patch is also available for older versions of Mac OS X including OS X Lion v10.7.5, OS X Lion Server v10.7.5, and OS X Mountain Lion v10.8.5.