I've made some testing around CVE-2014-7169 and CVE-2014-6271 vulnerability issues on vm10iea0050 - IEA machine: admin@vm10iea0050 ~ $ bash --help GNU bash, version 3.1.17(1)-release-(i686-redhat-linux-gnu) Usage: bash [GNU long option] [option] ... admin@vm10iea0050 ~ $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" vulnerable this is a test admin@vm10iea0050 ~ $ cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo bash: x: line 1: syntax error near unexpected token `=' bash: x: line 1: `' bash: error importing function definition for `x' Fri Sep 26 10:19:34 PDT 2014 admin@vm10iea0050 /tmp $ env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test" vulnerable bash: BASH_FUNC_x(): line 0: syntax error near unexpected token `)' bash: BASH_FUNC_x(): line 0: `BASH_FUNC_x() () { :;}; echo vulnerable' bash: error importing function definition for `BASH_FUNC_x' test After I updated the bash, system became invulnerable to CVE-2014-7169: _____________________________________________________________________________________________________ root@vm10iea0050 ~ # yum update bash admin@vm10iea0050 ~ $ bash --help GNU bash, version 3.2.25(1)-release-(i386-redhat-linux-gnu) admin@vm10iea0050 ~ $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" this is a test admin@vm10iea0050 /tmp $ cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo date cat: /tmp/echo: No such file or directory $ env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test" bash: warning: x: ignoring function definition attempt bash: error importing function definition for `BASH_FUNC_x' test So to make your system invulnerable to CVE-2014-7169 just run # yum update bash As for CVE-2014-6271 the patch for this issue is incomplete at the moment.