We received reports yesterday of a critical exploit in bash (Bourne Again SHell) that affects all versions of Linux and Unix. We had waited until they released a patch to communicate this exploit, as it has been causing a lot of panic and we did not want to provide a problem without a solution for our clients.

At this time, both Debian and RedHat have released patches for this exploit, and it is recommended that you update your servers to the latest version of bash. A reboot is not necessary, but running "ldconfig" has been recommended as a precaution (a reboot is still recommended by RedHat just to be safe).

For more information regarding this exploit, you can read this RedHat article here: https://access.redhat.com/articles/1200223

Just to clarify, there was a patch released early yesterday, but it was incomplete. We were informed that RedHat and Debian both completely patched the exploit less than an hour ago. Our first priority was to patch all of our servers and then send this communication to our clients. We have noticed that not all CentOS and Debian repositories have the latest bash update, so please check the version numbers to be 100% sure you have the right versions. You can check the versions using the following links:
RedHat (CentOS) - https://rhn.redhat.com/errata/RHSA-2014-1306.html
Debian - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762760#56

If you have any questions regarding this, you are welcome to contact us and we may be able to answer them, but there is a more active discussion that has more answers than we can provide here: http://www.webhostingtalk.com/showthread.php?t=1414839

Safe patching to all.

-The Secure Dragon Staff

Friday, September 26, 2014




