I remediated it before it went public, across two sites and my home network. Hell, I’ve already patched the glibcs on all the non-production non-DNS servers at this point, and will have finished the production ones by this weekend.
Yawn yawn. This crap happens all the time. It’s not terrifying. And if somebody needs to be terrified in order to promptly apply an important patch, frankly they are already unsuited to their level of responsibility, and scaring them isn’t going to work for ever. It’s unlikely to do any good in the long run.
EDIT: The Cisco ASA vulnerability is a lot more annoying; if you patch up to date in order to avoid it, your portal stops working for SMB file transfers. Hmmm, permit a known exploitable remote vulnerability or make a mission-critical box completely unable to perform a primary function? What do you think the pointy-haired bosses will say to that? Makes glibc bugs that have working patches available seem a lot less than “terrifying”.
