Bash vulnerability CVE-2014-6271

On September 25, 2014, serious vulnerabilities in bash (CVE-2014-6271) were discovered, allowing arbitrary code execution using specially-crafted environment variables. Buildbox, a platform for automating build processes, has taken steps to protect its customers by updating all copies of bash on their servers and blocking potentially dangerous environment variable values in the job system. However, users are urged to update bash on their own build servers as well. Steps include using specific commands depending on the user's operating system (Ubuntu/Debian, CentOS/Redhat, or OS X), ensuring the Buildbox-agent runs with minimal privileges, and keeping accounts secure. Monitoring the situation and updating servers as necessary is also advised.