A new update is available for the SAS University Edition that addresses CVE 2014-6271, also known as the Bash or "Shellshock" vulnerability. Since SAS University Edition has locked down the network and shell command access, the vulnerability is minimal. However, SAS recommends that all users apply the update to their existing SAS University Edition vApp.
See http://support.sas.com/software/products/university-edition/faq/vmapp_update.htm for instructions on how to update the SAS University Edition.
You can always refer to http://support.sas.com/software/products/university-edition/faq/release_notes.htm for information on updates available to SAS University Edition.