There’s a critical vulnerability in the Bourne Again Shell, commonly referred to as ‘bash’, the most common shell binary in many BSD and Linux distributions.

This vulnerability is critical because it allows code injection via environment variables. Below are links on how to update common distributions.

If you have CentOS, simply run yum update while logged in as root to update bash. You can also follow the operating-system-specific instructions below; in many cases a simple automated update command is all that’s needed.

We urge all customers of Host Virtual and Linux users alike to patch and update their systems as soon as possible.

Linux OS-Specific Instructions to Update Bash:

UPDATE: Red Hat has become aware that the patch for CVE-2014-6271 is incomplete. An attacker can provide specially-crafted environment variables containing arbitrary commands that will be executed on vulnerable systems under certain conditions. The new issue has been assigned CVE-2014-7169. Red Hat is working on patches in conjunction with the upstream developers as a critical priority. Updates to follow on our blog.
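
To confirm after updating that the installed bash is no longer affected by either issue named above, a local check can be run on the machine itself. This is an added example, not code from the original post or from Red Hat; the function names and the marker string are made up for the example, and it only tests a bash binary on the host where it runs.

```shell
#!/bin/sh
# Added example: local post-update checks for CVE-2014-6271 and CVE-2014-7169.
# Function names and SHELLSHOCK_MARKER are constructed for this example.

# Prints "vulnerable" if the given bash executes a command that trails a
# function definition in an environment variable (CVE-2014-6271).
check_6271() {
    out=$(env 'x=() { :;}; echo SHELLSHOCK_MARKER' "$1" -c ':' 2>/dev/null) || true
    case $out in
        *SHELLSHOCK_MARKER*) echo vulnerable ;;
        *) echo patched ;;
    esac
}

# Prints "vulnerable" if the incomplete first patch is still in place
# (CVE-2014-7169). On an affected parser the malformed definition leaves
# ">\" pending, so "echo date" runs as "date" with its output redirected
# to a file named "echo" in the working directory.
check_7169() {
    dir=$(mktemp -d) || return 2
    ( cd "$dir" && env 'X=() { (a)=>\' "$1" -c 'echo date' >/dev/null 2>&1 ) || true
    if [ -e "$dir/echo" ]; then
        echo vulnerable
    else
        echo patched
    fi
    rm -rf "$dir"
}

# Resolve the binary once so both checks test the same file.
report() {
    bin=$(command -v "$1") || { echo "bash not found: $1"; return 0; }
    echo "$bin CVE-2014-6271: $(check_6271 "$bin")"
    echo "$bin CVE-2014-7169: $(check_7169 "$bin")"
}

# Checks the bash found on PATH unless another path is given as argument 1.
report "${1:-bash}"
```

Any line reporting "vulnerable" means the bash package still needs the vendor update for that CVE.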