Florian Weimer and Todd Sabin discovered that the Bash parser incorrectly handled memory. An attacker could possibly use this issue to bypass certain environment restrictions and execute arbitrary code. (CVE-2014-7186, CVE-2014-7187)
In addition, this update introduces a hardening measure which adds prefixes and suffixes around environment variable names which contain shell functions.