VMware security response is aware of the security vulnerability in bash known as “Shell Shock” disclosed today (CVE-2014-6271, CVE-2014-7169). We are currently investigating the issue.

9/25 Update
We’ve published VMware Knowledge Base article 2090740, which provides the current state of our investigation into the bash issue. The article will be updated when we know more.

9/26 Update
We’ve updated VMware Knowledge Base article 2090740 and added a list of Virtual Appliances that are going to be re-released with a fix for the bash issue.

9/27 Update
We’ve added ESX(i) 4.0 and ESX(i) 4.1 to VMware Knowledge Base article 2090740. In an exception to the existing VMware lifecycle policy, we will release patches for ESX 4.0 and ESX 4.1 which are out of support. ESXi 4.0 and ESXi 4.1 are not affected.

9/30 Update
VMware Knowledge Base article 2090740 now points to VMware Security Advisory VMSA-2014-0010 which lists VMware product updates and patches that address the bash issue.