We wanted to let you know that today, a critical vulnerability in bash(Bourne-Again-SHell) was disclosed by Stephane Chazelas. This vulnerability is so critical that even if you have Two-Factor Authentication an attacker would be able to by-pass the two-factor verification and execute commands remotely on your server. We recommend you update now. Here's a few things to help you: To test if you are vulnerable you can use the following command: env t='() { :;}; echo You are vulnerable.' bash -c "true" If it prints "You are vulnerable" you need to upgrade as soon as possible. Patches for the major Linux distributions have been already released. If you are using a Ubuntu or Debian type the following commands to apply the security patch: apt-get update apt-get upgrade If you are using RedHat, CentOS or Fedora type the following commands to apply the security patch: yum clean all yum update bash If you want to know more about this vulnerability please read the following thread on the oss-sec mailing list: http://seclists.org/oss-sec/2014/q3/650