Please don’t over hype the vulnerability. Here’s the quick and dirty things you need to know.
1.CVE-2015-0235 is a remote code execution vulnerability affecting Linux systems using older versions of the GNU C Library (glibc versions less than 2.18).
2.glibc is a core component of Linux used to implement C libraries.
3.Patch existed in 2013 and is included with glibc-2.18.
4.It’s not another Heartbleed; the attack surface is still largely unknown.
5.Capable of remote or local execution.
6.In contrast to a vulnerability like Heartbleed, this issue is not always exploitable. In fact,
in a general sense, this is not an easy bug to exploit.
a.Only one easily-exploitable case has been identified so far, Exim Mail Server.
7.This issue is difficult to test for, as the full attack surface is not yet known.
a.Glibc Version checks:
ii.root$ ldd –version
8.Deep dive here: http://www.openwall.com/lists/oss-security/2015/01/27/9