The fix for CVE-2014-6271 was incomplete and command injection is possible even after the patch has been applied. The issue is being tracked as CVE-2014-7169 (Aftershock). Please log in to all of your Bitnami-based Linux VMs or cloud images and upgrade bash. If you are running an Ubuntu machine (and most likely you are) you can execute the following commands:
sudo apt-get update
sudo apt-get install bash
To test that you have successfully updated your installation, type:
env var='() {(a)=>\' bash -c "echo date"; cat echo; rm -f echo
If you get the following, you have successfully patched bash:
bash: var: line 1: syntax error near unexpected token `=' bash: var: line 1: `' bash: error importing function definition for `var' date cat: echo: No such file or directory
If you get the following (with the current date at the end), you are still vulnerable:
bash: var: line 1: syntax error near unexpected token `=' bash: var: line 1: `' bash: error importing function definition for `var' Fri Sep 26 09:20:00 UTC 2014
If you have further questions, please refer to our community forums or contact the helpdesk if you are a commercial Bitnami customer.
More information and possible updates on our wiki.