Patch ShellShock Vulnerability
ShellShock is a Bash vulnerability, which allows bypassing environment restrictions in certain environments. See Ubuntu Security Notice USN-2363-1. And for more detailed description, see CVE-2014-7169.
This Bash bug can be potentially bigger than the Heartbleed bug, because Bash shell is usually the default shell for the user, and many commands will also spawn Bash to execute. See this answer http://askubuntu.com/a/528102 from StackOverflow.
Running the following command will determine if the system is vulnerable or not:
Luckily, this is relatively easy to patch. Simple
apt-get update && apt-get upgrade will patch the Bash with the latest security fix. For example, this is a patched Bash version:
This is for Ubuntu 12.04 LTS. If you are running Ubuntu 14.04 LTS, you have to
upgrade to Bash 4.3-7ubuntu1.3.