A remotely exploitable vulnerability in bash has been discovered by Stephane Chazelas. The vulnerability has the CVE identifier CVE-2014-6271 and has been given the name Shellshock by some. This affects Debian as well as other Linux distributions. The vulnerability arises from the fact that you can create environment variables with specially-crafted values before calling the Bash shell. These variables can contain code, which gets executed as soon as the shell is invoked. The name of these crafted variables does not matter, only their contents. As a result, this vulnerability is exposed in many contexts.

This issue affects all software that uses the Bash shell and parses values of environment variables. This issue is especially dangerous as there are many possible ways Bash can be called by an application. Quite often if an application executes another binary, Bash is invoked to accomplish this. Because of the pervasive use of the Bash shell, this issue is quite serious and should be treated as such.

However, there is nothing to worry about as a patch has been issued. It is recommended to install it using your system software manager.

Bash Patch

You can verify the upgrade by running the following command. You should receive “Not vulnerable”.

$env check=’Not vulnerable’ x='() { :;}; check=Vulnerable’ bash -c ‘echo $check

Read more : https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/