2014/9/24 4:00 PM PDT - Update -
For CVE-2014-6271 the following requires action from our customers:
Amazon Linux AMI – A fix for CVE-2014-6271 has been pushed to the Amazon Linux AMI repositories, with a severity rating of Critical.
Our security bulletin for this issue is available at https://alas.aws.amazon.com/ALAS-2014-418.html
By default, new Amazon Linux AMI launches will install this security update automatically.
For existing Amazon Linux AMI instances, you will need to run the command:
sudo yum update bash
The above command will install the update. Depending on your configuration, you may need to run the following command:
sudo yum clean all
For more information, please see https://aws.amazon.com/amazon-linux-ami/faqs/#auto_update
We will continue to provide updates in this security bulletin.
2014/9/24 9:00 AM PDT
We are aware of CVE-2014-6271, made public September 24th at 7 AM PDT. We are currently reviewing AWS environments and will update this bulletin with more details shortly.