Heard of the heartbleed bug? This one's an even bigger deal. Apparently, there's a newly discovered exploit in the BASH command line that interprets a string of characters or a string variable as an actual command in a very specific syntax.
Been a while since I've used BASH scripting, so this syntax isn't exactly fresh in my head, but it still looks familiar.
Enough to make me think twice about running an outdated version of GNU/Linux. Much more alarming for system admins and web servers that use GNU tools, or for users who log in regularly to web servers that use GNU tools.