Everything you need to know about the Shellshock Bash bug
Source: http://www.troyhunt.com/
What are the potential ramifications?
The potential is enormous – “getting shell” on a box has always been a major win for an attacker because of the control it offers them over the target environment. Access to internal data, reconfiguration of environments, publication of their own malicious code etc. It’s almost limitless and it’s also readily automatable. There are many, many examples of exploits out there already that could easily be fired off against a large volume of machines.
Unfortunately when it comes to arbitrary code execution in a shell on up to half the websites on the internet, the potential is pretty broad. One of the obvious (and particularly nasty) ones is dumping internal files for public retrieval. Password files and configuration files with credentials are the obvious ones, but could conceivably extend to any other files on the system.
Likewise, the same approach could be applied to write files to the system. This is potentially the easiest website defacement vector we’ve ever seen, not to mention a very easy way of distributing malware
Read more: http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html
Haven't seen anything posted on this. While most home users are not affected, the internet services you use are going to be affected. What is alarming is the simplicity of the exploit and its broad nature.
Vulnerability Summary for CVE-2014-6271
Original release date: 09/24/2014
Last revised: 09/24/2014
Source: US-CERT/NIST
Overview
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.
Impact
CVSS Severity (version 2.0):
CVSS v2 Base Score: 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C) (legend)
Impact Subscore: 10.0
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
Official CVE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
Concerns about patches here:
http://www.theregister.co.uk/2014/09/25/shellshock_bash_worm_type_fears/
= new reply since forum marked as read
Last I checked (before leaving work), I saw no official new patches for the follow-on vulnerabilities. If they've been released I'd appreciate a link 
Thanks!
I found this which leads to Red Hat's patches: http://www.mail-archive.com/ubuntu-bugs@lists.ubuntu.com/msg4501271.html
I have a machine I need to patch manually for various reasons, going to go try that now with the red hat patches
