oss-sec: CVE-2014-6271: remote code execution through bash.
This is serious. Bash is the default shell used by most *nix users. Lots of public web servers out there will be vulnerable if not updated. Someone could write an exploit that infects one machine and turn that machine into an agent for infecting others.
Update (2014-09-25): Ok it is happening.
Update (2014-09-26): Everything you need to know about the Shellshock Bash bug
The headlines state everything through 4.3 or in other words, about 25 years’ worth of Bash versions
Update (2014-10-07): Winzip and possibly Yahoo has been compromised