This is relevant for peerbox users too.
I’ve updated bash manually via pacman. Let’s see what peerchemist recommends.
I just read that the update is not enough, still vulnerable but less severe:
https://access.redhat.com/articles/1200223
https://bugzilla.redhat.com/show_bug.cgi?id=1141597#c24
Red Hat has become aware that the patch for CVE-2014-6271 is incomplete. An attacker can provide specially-crafted environment variables containing arbitrary commands that will be executed on vulnerable systems under certain conditions. The new issue has been assigned CVE-2014-7169. Red Hat is working on patches in conjunction with the upstream developers as a critical priority. For details on a workaround, please see the FAQ below.Red Hat advises customers to upgrade to the version of bash which contains the fix for CVE-2014-6271 and not wait for the patch which fixes CVE-2014-7169. CVE-2014-7169 is a less severe issue and patches for it are being worked on.
there is no reason to panic, that is how much I can say now. Ill investigate this further
Ok. If you are Peerbox user, you can ignore this and move on with your life. Your coins in Peerbox are safe
peercoin-raspi-desktop with gui is also safe, since it’s completely closed up with a firewall. Also, there is no ssh, ftp or http access, so a remote attack isn’t possible. It wouldn’t hurt to update every once in a while though, with the ‘update my pi software’ shortcut.