This morning (26-09-2014) a new patch was released for the Shellshock bug in bash.
More information about the bug:
https://access.redhat.com/node/1200223
https://access.redhat.com/security/cve/CVE-2014-7169
To test whether you are really vulnerable, use the following commands:
Before updating bash:
[root@ ~]# env t='() { :;}; echo You are vulnerable.' bash -c "true"
You are vulnerable.
[root@ ~]#
After updating bash:
[root@ ~]# env t='() { :;}; echo You are vulnerable.' bash -c "true"
[root@ ~]#
After updating a CentOS 4 machine:
[root@ ~]$ env t='() { :;}; echo You are vulnerable.' bash -c "true"
bash: warning: t: ignoring function definition attempt
bash: error importing function definition for `t'
[root@ ~]$
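The three outcomes shown above can be told apart in a script, which helps when checking many hosts or more than one bash binary on the same machine. This is an added example, not part of the original post: check_shellshock and its result labels are hypothetical names, and the test string and warning text are the ones from the sessions above.

```shell
#!/bin/sh
# Added example, not from the original post. check_shellshock is a hypothetical
# helper name; the test string and warning text are the ones shown above.

# Usage: check_shellshock [shell command ...]   (default: bash)
# Prints vulnerable | patched | patched-with-warning | not-found
check_shellshock() {
    [ "$#" -gt 0 ] || set -- bash
    marker='You are vulnerable.'

    # A missing binary would otherwise produce no output and look "patched".
    if ! command -v "$1" >/dev/null 2>&1; then
        echo "not-found"
        return 2
    fi

    # Keep stderr separate: the CentOS 4 build reports the rejected import there.
    err_file=$(mktemp) || return 3
    out=$(env t="() { :;}; echo $marker" "$@" -c "true" 2>"$err_file") || true
    err=$(cat "$err_file")
    rm -f "$err_file"

    case $out in
        *"$marker"*)
            echo "vulnerable"
            return 1 ;;
    esac
    case $err in
        *"ignoring function definition attempt"*)
            echo "patched-with-warning"
            return 0 ;;
    esac
    echo "patched"
    return 0
}
```

Call it as check_shellshock /bin/bash (or with no argument for the bash found in PATH); the exit status is non-zero when the binary is vulnerable or missing.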
To update your OS, use the following commands:
CentOS: yum update bash
Ubuntu/Debian: sudo apt-get update && sudo apt-get install bash
FreeBSD: sudo pkg update && sudo pkg install bash (patched version not yet available; update: version 4.3.25_1 is available)
ArchLinux: pacman -S bash
Fedora: su -c "yum update bash"
OpenBSD: sudo pkg_add -i -v bash
As for CentOS 4, there is no update available.
But Red Hat did release a source RPM with the bugfix for extended support customers.
The source RPM is downloadable from Oracle ( https://oss.oracle.com/el4/SRPMS-updates/bash-3.0-27.0.2.el4.src.rpm ) or this link.
You have to compile it yourself to get this patched version.