On Wednesday, September 24th, a new vulnerability (CVE-2014-6271) was announced in the widely used GNU Bourne Again shell and command language interpreter (aka Bash), which is the default shell for Red Hat Enterprise Linux, among others. After its announcement, we reviewed the severity and impact to Globus services, partner services and users. Soon thereafter, we posted details in our support forum, with continuing updates as we learn more. Overall, our assessment for the severity of the impact for this issue is low. The forum post does include some precautionary actions we recommend for administrators of Globus endpoints, and for Globus Toolkit services.
If you have any concerns about this issue, please contact our support team.