In short, versions of bash from as far back as 1.14.0 (from July 1994!) up to 4.3 process code that follows function definitions in the values of environment variables, which could potentially allow remote attackers to execute arbitrary code by sending specially crafted communications to vulnerable servers.
How can I fix this?
If you have a managed server, our engineering team are already all over this, and you’ll probably find that your server has already been patched.
If not, the solution is (thankfully) pretty straightforward (assuming you’re using a supported version of your distro of choice!). We’ve made a nifty little script that should (in most circumstances) check for the vulnerabilities and new, patched versions of bash. Running this one-liner as root or via ‘sudo’ should be all you need to do!
$ wget http://melbourne.co.uk/resources/downloads/scripts/shellshock_fix.sh -O- | sudo -i bash
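To confirm the result yourself after patching, the following is an added example (not the script linked above, and not taken from it) that checks locally whether a given bash binary still runs code placed after a function definition in an environment variable. The function names, the `probe` variable and the marker string are assumptions made for this example, and it tests only the behaviour described in the first paragraph.

```shell
#!/bin/sh
# Added example: local self-check for the flaw described above.
# Names (check_bash, scan_shells, probe) are illustrative assumptions.

# check_bash PATH
# Prints "vulnerable", "not-vulnerable" or "missing".
# Exit status: 1 = vulnerable, 0 = not vulnerable, 2 = no such executable.
check_bash() {
    cb_bin=$1
    cb_marker="env-import-check-$$"
    [ -x "$cb_bin" ] || { echo missing; return 2; }
    # The variable holds a function definition followed by a harmless echo.
    # A fixed bash does not execute anything from this variable, so the
    # marker only appears when the trailing code was processed.
    cb_out=$(env "probe=() { :;}; echo $cb_marker" "$cb_bin" -c ':' 2>/dev/null)
    case $cb_out in
        *"$cb_marker"*) echo vulnerable; return 1 ;;
        *) echo not-vulnerable; return 0 ;;
    esac
}

# scan_shells [FILE]
# Checks every entry named "bash" in FILE (default /etc/shells), because a
# server can carry more than one copy (for example a locally built one that
# the package manager never updates). Prints "path status" per entry and
# returns 1 if any listed bash is vulnerable.
scan_shells() {
    ss_file=${1:-/etc/shells}
    ss_rc=0
    while IFS= read -r ss_line; do
        case $ss_line in
            ''|'#'*) continue ;;          # skip blanks and comments
        esac
        [ "${ss_line##*/}" = bash ] || continue
        # Status 2 (missing) is reported but not counted as vulnerable.
        ss_status=$(check_bash "$ss_line") || [ $? -eq 2 ] || ss_rc=1
        echo "$ss_line $ss_status"
    done < "$ss_file"
    return $ss_rc
}
```

Source the file and run `scan_shells`, or `check_bash /bin/bash` for a single binary; any line ending in `vulnerable` means that copy of bash still needs updating.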
For more technical information on this, you can read this blog post which explains the bug in more detail.