For CVE-2014-6271 the following requires action from our customers:
Amazon Linux AMI – A fix for CVE-2014-6271 has been pushed to the Amazon Linux AMI repositories, with a severity rating of Critical.
Our security bulletin for this issue is here — https://alas.aws.amazon.com/ALAS-2014-418.html
By default, new Amazon Linux AMI launches will install this security update automatically.
For existing Amazon Linux AMI instances, you will need to run the command:
$ sudo yum update bash
The above command will install the update. Depending on your configuration, you may need to run the following command:
$sudo yum clean all
For more information, please see https://aws.amazon.com/amazon-linux-ami/faqs/#auto_update