I’m pretty sure the ASA is running linux - let me check - ayup. 
Windows shops are moving to RDS these days, which might cut into ASA sales a bit. HyperV licensing is so dirt cheap that better virtualization environments don’t make good financial sense, and you can run your RDS cluster out of a hyperV backend. But there are ridiculous numbers of ASAs out there running site-to-site and ad-hoc VPNs and providing enterprise firewalling (sometimes, all in the same box) so their decreasing use as web portals won’t have a huge impact.
The CVSS on the ASA vulnerability is a TEN, just like the glibc bug, but here we are ten days after the ASA bug announcement and there’s no patch that doesn’t break something else*. I think that’s a bit more worrisome than a glibc bug that’s trivially patchable, personally. Especially when you realize that rebooting DNS servers is something you can do while they are in use, the clients will just fail over to another server transparently - but that’s not true of ASAs.
(But I’m still not terrified of the ASA bug either, I’m just mightily annoyed.)
*Edit: we have 9.4(2.6) running now which seems to be working.
