Last week, the FSF announced, “A major security vulnerability has been discovered in the free software shell GNU Bash. The most serious issues have already been fixed, and a complete fix is well underway. GNU/Linux distributions are working quickly to release updated packages for their users. All Bash users should upgrade immediately, and audit the list of remote network services running on their systems.” The bug is being referred to as “Shellshock.”
Bash is the shell of the GNU project. (Some of you may remember shells in the form of the “DOS prompt” — a shell is a program that allows the user to give direct commands to the operating system.) The GNU project provides tools that are used with the Linux kernel, and therefore GNU code is in all major Linux distributions. The GNU project is run by the Free Software Foundation.
The vulnerability was quickly addressed. Compared with the project involved in the “Heartbleed” bug, Bash is a more organized and better-funded effort of the Free Software Foundation.