This advisory just came out from Mark Maunder of Wordfence Security plug in:
A serious vulnerability in the bash shell has been disclosed. Bash will execute any trailing code after a function definition contained in an environment variable.
If you manage a Linux WordPress server, an update for Bash has been released today for most major Linux distributions. Update immediately. If you don’t run a server but are using a hosting provider it’s likely your host is aware of this issue already and has already upgraded their systems to protect you.
For more information please visit the Wordfence blog where I’ve included details of the vulnerability, how to test if you’re vulnerable, how to fix the issue and some details on how it works.