I hope SUSE/openSUSE bash packager/maintaners are following this.
I have tested 12.3 13.1 13.2 beta and factory all of them are vulnerable :(.
The patch is out upstream, already fix by chet but it still did not reach openSUSE/SUSE repos.
The thing is, if the patch went through the update then it may or may not break some system packages including bash it self at least according to that thread.
Code:
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/The patch is out upstream, already fix by chet but it still did not reach openSUSE/SUSE repos.
The thing is, if the patch went through the update then it may or may not break some system packages including bash it self at least according to that thread.