For CVE-2014-6271 the following requires action from our customers

For CVE-2014-6271 the following requires action from our customers:

Amazon Linux AMI – A fix for CVE-2014-6271 has been pushed to the Amazon Linux AMI repositories, with a severity rating of Critical.

Our security bulletin for this issue is here — https://alas.aws.amazon.com/ALAS-2014-418.html
By default, new Amazon Linux AMI launches will install this security update automatically.
For existing Amazon Linux AMI instances, you will need to run the command:

$ sudo yum update bash

The above command will install the update. Depending on your configuration, you may need to run the following command:

$sudo yum clean all

For more information, please see https://aws.amazon.com/amazon-linux-ami/faqs/#auto_update