This week the “Shellschock Bug” was discovered. In many common configurations, this vulnerability is exploitable over the network, especially if bash has been configured as the system shell. Debian the base of Univention Corporate Server uses Bash as standard shell for user but executes scripts with Dash so attacks are quite unlikely. Nevertheless we fixed the bug for UCS with the Errata Update 213 yesterday.

http://errata.univention.de/ucs/3.2/213.html