Shellshock dubbio

@Alien_X, controlla tu stesso:

apt-get changelog bash

questi gli ultimi due aggiornamenti:

bash (4.3-7ubuntu1.3) trusty-security; urgency=medium

  * Updated debian/patches/CVE-2014-7169.diff to also patch y.tab.c in
    case it doesn't get regenerated when built (LP: #1374207)

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 25 Sep 2014 21:20:03 -0400

bash (4.3-7ubuntu1.2) trusty-security; urgency=medium

  * SECURITY UPDATE: incomplete fix for CVE-2014-6271
    - debian/patches/CVE-2014-7169.diff: fix logic in parse.y.
    - CVE-2014-7169

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 25 Sep 2014 02:06:49 -0400

L'ultimo non è di sicurezza, il penultimo invece fa riferimento a CVE-2014-6271, e una rapida ricerca in rete fornisce come primo risultato http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

Vulnerability Summary for CVE-2014-6271
Original release date: 09/24/2014
Last revised: 09/26/2014
Source: US-CERT/NIST
Overview
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

Quindi non questo, ma il precedente aggiornamento aveva affrontato il problema.