How to patch vulnerability of bash in Altera Cygwin (Shellshock bug)

cygwin (https://cygwin.com/ml/cygwin-announce/2014-10/msg00004.html) is included in several Altera tooling. It is a Unix-like environment within Windows. Therefore I post this question in "Other Operating Systems".

The bash shell that comes with Altera tooling such as Quartus and EDS is vulnerable for the shellshock (http://en.wikipedia.org/wiki/shellshock_%28software_bug%29) bug.

We are using several older and newer Altera versions: 9.1, 11.0sp1, 12.1sp1, 13.1 and 14.0. The bash shells that come with this tooling are all vulnerable.

Does anyone know how to patch them? Can I replace an older bash with the newest one with backwards compatibility? Will the older toolchains still work?

To test if bash is vulnerable start the "Nios II Command Shell.bat" or "Embedded_Command_Shell.bat" and run the following command within it:

env 'x=() { echo vulnerable; }' bash -c x

If it prints "x: command not found", your version of bash is safe and not subject to remote exploits. If it prints "vulnerable", you need to upgrade.

We have the following versions:

C:\altera\91\nios2eds\Nios II Command Shell.bat

C:\altera\11.0sp1\nios2eds\Nios II Command Shell.bat

C:\altera\12.1sp1\nios2eds\Nios II Command Shell.bat

C:\altera\13.1\nios2eds\Nios II Command Shell.bat

C:\altera\14.0\embedded\Embedded_Command_Shell.bat

C:\altera\14.0\nios2eds\Nios II Command Shell.bat