SynopsisThe remote Debian host is missing a security-related update.
DescriptionStephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash has been configured as the system shell.
SolutionUpgrade the bash packages.
For the stable distribution (wheezy), this problem has been fixed in version 4.2+dfsg-0.1+deb7u1.