Bash "shellshock" vulnerability

A security problem with Bash was publicly disclosed on Wednesday, 9/24. Bash is a very popular operating system component known as a "shell" that comes with all versions of Linux and Mac OSX, as well as other systems. While this vulnerability has been present for many years, it was only discovered recently. As soon as IMSS became aware of the problem on 9/24, core IMSS systems were immediately patched. Less critical systems were patched or mitigated by the following day 9/25. As updates become available, IMSS strongly urges you to apply security updates to any computers you personally run.

For older versions of OSX where official patches aren't available, here are some instructions for patching bash:

US CERT advisory:

Plain-English explanation of the nature of the vulnerability, in a 4-minute video:

Caltech has a mailing list for announcing computer security issues to campus system administrators and other interested parties: