UPDATE: Packages that resolve both “shell shock” CVEs are now available.
It turns out that the fix for the previously reported Bash flaw CVE-2014-6271 (sometimes referred to as “shellshock”) was incomplete, and a new CVE (CVE-2014-7169) has been issued to track the vulnerability. The Red Hat Security blog post covering the issue has also been updated with details about this new CVE.
Here on the Fedora side of things, the Fedora Security team currently has another update in the works, and should be available shortly. We will update here on the Fedora Magazine once this new fix is available.