'Okay we got it THIS time'
By Darren Pauli, 30 Sep 2014 "A third patch, from Red Hat engineer Florian Weimer, has been released for the vulnerable Bash Unix command-line interpreter, closing off flaws found in two previous fixes.Weimer's unofficial fix was adopted upstream by Bash project maintainer Chet Ramey and released as Bash-4.3 Official Patch 27 (bash43-027) which addressed a bunch of previously undisclosed flaws including two remote exploit bugs.
The first patch (CVE-2014-6271) released Wednesday when the Shellshock flaw dropped was rapidly bypassed. An ensuing fix failed to stop underlying and newly-discovered holes that may have resulted in security vulnerabilities.
The latest bug closed off remote code execution found after the second patch was applied which has not been made public."
Full Article