This is not a YAWN
This is a PAY ATTENTION, GET INFORMED, REMEDIATE ASAP
Google’s already got remote code execution working with this one (on boxes with NX/ASLR enabled). That’s terrifying.
This is a bug in every unpatched Linux distro from the last 8 years that uses glibc. That’s a whole bunch of things. This is a bug in a call in glibc that’s used all over the place. When you can get stack buffer overflows in Perl, Python, Ruby, Java, JS, Haskell, sudo, MySQL, and Apache that’s bad. When that’s actually a really short list out of a far more extensive one it’s really bad. That’s widespread.
Admins need to know that they need to remediate this beast rapidly, and if it takes scaring them into recognizing that this is one to pay attention to, that’s okay by me. The alternative is admins that don’t pay attention and leave hosts that get pwn3d and at best wind up serving in botnets that add yet another layer of terrifying, widespread internet breakage.
