DSA-2503 bcfg2 - shell command injection

It was discovered that malicious clients can trick the server
component of the Bcfg2 configuration management system to execute
commands with root privileges.