ITworld | January 27, 2015
The discovery was made by Qualys, a cloud security company. The hole impacts any Linux system built with glibc-2.2 released on November 10, 2000. The vulnerability, called GHOST (CVE-2015-0235), is triggered by the gethostbyname function.
Actually there was a patch released back on May 21, 2013, between the releases of glibc-2.17 and glibc-2.18. However it was not considered to be a security risk and thus major Linux distributions that offer long term support and get security updates remained vulnerable, including Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7 and Ubuntu 12.04.