On September 24th, 2014 an error has been found in the GNU Bash program. Not patched GNU Bash 4.3 and earlier contains a command injection vulnerability that may allow remote code execution.
In most used distributions like Debian and Centos there is already available upgrade package. For install this update follow these steps:
- after login via SSH
if system not contains yum, download package bash from CentOS repozitory and update by command
Official repozitory you can find here CentOS 5, CentOS 6
- In the Power Panel software center:
please see article Correction of SSL critical error. The procedure is identical.
For dedicated servers with Debian/Ubuntu installations upgrade an application by command
apt-get install --only-upgrade bash
For more infromations see for example Wikipedia article Shellshock (software bug)