CVE-2014-6271 fix for ubuntu bash

gistfile1.yml

---
- hosts: all
  user: root
  sudo: true

  tasks:
    - name: update apt
      command: apt-get update

    - name: update bash
      command: apt-get --only-upgrade install bash

    - name: check bash fix
      command: env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
      register: command_result
      failed_when: "'error' not in command_result.stderr"

There's nothing in this playbook that first ensures the security sources are installed in ubuntu 12. Perhaps the lack of those sources is the issue for @aarongolub.

On Debian Squeeze (approximate to Ubuntu 12), I had to do this first. I don't know what the equivalent ubuntu security sources would be, but that would be the first place I would check @aarongolub.

sudo apt-get install debian-keyring debian-archive-keyring
sudo cat>>/etc/apt/sources.list.d/security.sources.list<<'EOF'
deb http://http.debian.net/debian/ squeeze-lts main contrib non-free
deb-src http://http.debian.net/debian/ squeeze-lts main contrib non-free
EOF
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install debian-security-support
sudo check-support-status
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
foo='() { echo not patched; }' bash -c foo

As for the last task, you could use the shellshocker site script to easily check if all vulnerabilities were resolved by doing:

- name: check vulnerability status fix
  shell: curl https://shellshocker.net/shellshock_test.sh | bash
  register: command_result

- debug: var=command_result.stdout_lines