Read all about it in:
Oracle’s Security Alert for ShellShock.
It also lists Oracle products that are affected and do not have fixes available at this time…
Next Doc ID provides a listing of Oracle Linux patches (minimal Bash versions) required to resolve security vulnerabilities referenced by CVE-2014-6271 and CVE-2014-7169:
CVE-2014-6271 and CVE-2014-7169 Patch Availability Document for Oracle Linux (Doc ID 1930120.1).
These versions can be found, downloaded and YUM-ed from Oracle’s public yum server: