There is an other severe security issue in almost every device that is running Linux or BSD. The GNU bash shell is vulnerable as it will execute random commands from the shell environment. IPFire is – as every other distribution as well – vulnerable to this issue filed under CVE-2014-6271 and a fix has been applied to the code yesterday.
Unfortunately, this patch does not fix the problem completely. As soon as there is a proper fix that resolves the problem and has been well tested, we will release the next Core Update.
Until then, we are tracking the issue on the IPFire bugtracker under bug id #10631.