A critical vuln has been discovered recently. Check for more information
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
also you can check your server via shell with the command below.
env x='() { :;}; echo vulnerable!’ bash -c ””
a patched system output looks like this
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’