Patches are available to fix the bash vulnerability known as Shellshock, along with three additional security issues recently found in the bash shell. The patches are available for all major Linux distros as well as for Solaris, with the patches being distributed through the various distros.
After the patch is applied, there are a couple of commands that can be run from a terminal to ascertain that a system is no longer vulnerable. For details, see the article Steven J. Vaughan-Nichols has written for ZDNet. As yet, there is no patch available for OS X, although Apple says that one is on the way, while assuring its users that Mac systems aren’t vulnerable except for the most advanced users.
The good news about all this is that it demonstrates how quickly the Linux community can get the word out and then rally to engineer a solution when a security problem is discovered. The bad news is that not all Linux users listen. Too many users believe that the security features that are baked into Linux offer complete protection, no matter what. Unfortunately, that’s not the case. It never was, nor can it ever be.
My friend Andrew Wyatt, who spent time some years back as the founder and lead developer of the Fuduntu Linux distro, attempted to address this fact recently in a comment to an article on FOSS Force:
In a PR piece posted on Tuesday, 
With my verbal weapons cache set to full snark, I proceeded to dress the commenter down for the misplaced and unhelpful comment. I trimmed and honed every word so that my obvious displeasure at the opinion would not be mistaken for anything else.
Why is he quitting? Probably because he’s getting old and he can afford to retire; he turned 70 last month. Officially, according to him and the once and future king’s yes-men, it’s all part of carefully laid-out succession plans – meet-the-new-boss, the-king-is-dead and all that.
