Read all about it in:
It also lists Oracle products that are affected and do not have fixes available at this time…
Next Doc ID provides a listing of Oracle Linux patches (minimal Bash versions) required to resolve security vulnerabilities referenced by CVE-2014-6271 and CVE-2014-7169:
CVE-2014-6271 and CVE-2014-7169 Patch Availability Document for Oracle Linux (Doc ID 1930120.1).
These versions can be found, downloaded and YUM-ed from Oracle’s public yum server: