CVE-2014-6271, a security vulnerability regarding remote code execution through bash, was disclosed on 9/24/2014. This vulnerability may potentially cause many breaches, due to its low difficulty of being exploited, and the wide use of bash in many CGI and SSH environments. Please see the following links for the detail and the patch information.

http://seclists.org/oss-sec/2014/q3/649
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

P.S., GNU should really work hard on the software security…