A new remote vulnerability in glibc has been disclosed as CVE-2015-0235. The bug is in the __nss_hostname_digits_dots() function, which is used by gethostbyname().
It is a buffer overflow vulnerability that allows an attacker to execute arbitrary code.
Updated packages have been released for CL6 & CL5. Please make sure to update.
Updated CL5 GLIBC version:
Updated CL6 GLIBC version:
$ yum update glibc
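Processes that were started before the update keep the old libc mapped until they are restarted. The script below is an added example, not part of the original advisory: it lists such processes by looking for a libc mapping marked `(deleted)` in `/proc/<pid>/maps`. The function names and the sample maps lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: find processes still running on the pre-update glibc.
# A library file replaced on disk shows up as "(deleted)" in /proc/<pid>/maps.

# uses_stale_libc: read a maps listing on stdin; exit 0 if libc is mapped
# from a file that no longer exists on disk, exit 1 otherwise.
uses_stale_libc() {
    awk '
        # Last field is the "(deleted)" marker, the one before it is the path.
        $NF == "(deleted)" && $(NF-1) ~ "/libc(-[0-9.]+)?[.]so" { found = 1 }
        END { exit !found }
    '
}

# scan_stale_libc: print "pid name" for every process that needs a restart.
# Run as root, otherwise other users' maps files are unreadable and skipped.
scan_stale_libc() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        if uses_stale_libc 2>/dev/null < "$maps"; then
            name=$(awk '/^Name:/ { print $2; exit }' "/proc/$pid/status" 2>/dev/null) || name='?'
            printf '%s %s\n' "$pid" "$name"
        fi
    done
}

# Constructed sample: libc mapped from a file that yum has since replaced.
sample_stale() {
    cat <<'EOF'
00400000-0040b000 r-xp 00000000 fd:00 393231 /usr/sbin/exampled
7f3a1c000000-7f3a1c18a000 r-xp 00000000 fd:00 131093 /lib64/libc-2.12.so (deleted)
EOF
}

# Constructed sample: process started after the update; an unrelated deleted
# temp file and a similarly named library must not trigger a match.
sample_fresh() {
    cat <<'EOF'
7f3a1c000000-7f3a1c18a000 r-xp 00000000 fd:00 131207 /lib64/libc-2.12.so
7f3a1d000000-7f3a1d001000 rw-s 00000000 fd:00 262001 /tmp/example.cache (deleted)
7f3a1e000000-7f3a1e010000 r-xp 00000000 fd:00 131300 /usr/lib64/libc-client.so.2007 (deleted)
EOF
}

scan_stale_libc
```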
So far there is a proof of concept that can use this vulnerability against Exim servers. Although the initial investigation by Qualys reports that, to the best of their knowledge, there is no way to exploit the following services, we still recommend that everyone update.
apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql,
nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd,
pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers,