From Wikipedia:
Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.
Details: : http://en.wikipedia.org/wiki/Shellshock_(software_bug)
And: https://shellshocker.net/
And: http://blog.cloudflare.com/inside-shellshock/ for some understanding on how hackers are exploiting the bug
UMP and Shellshock:
Shellshock affects running the Bash shell. UMP is currently supported on Linux and Unix systems which typically run the Bash shell. While UMP is not directly affected, the bug exposes the underlying system to attacks and its critical that the system is patched. Please contact your OS provider to get the required patches and update them immediately.
Conclusion:
The bug exposes the underlying system to attacks and its critical that the system is patched. Please contact your OS provider to get the required patches and update them immediately.