Bash is a command processor, allowing the user to type commands which cause actions on the server. As such, in the wrong hands it can be disastrous, which is why this particular vulnerability is very serious.
The NIST vulnerability database rates the flaw 10 out of 10 in terms of severity. Jim Reavis, chief exec of the Cloud Security Alliance, claims the hole is comparable in seriousness to the infamous password-leaking Heartbleed bug in the OpenSSL library that was uncovered earlier this year. This vulnerability also affects Apple's OS X – and is useful for privilege escalation.
The good news is, at least for Linux servers, is that a patch/update to bash was released earlier today, and it's a very simple fix. By "very simple" I mean it took less than 5 minutes to accomplish, so there is no reason for any hosting server admin to not apply this fix. OS X users may have a harder time patching your system.
But if you're one of our hosting customers... we've got you covered.
