Do we know if c-ares (indirectly) uses __nss_hostname_digits_dots() from
glibc? If so, we may want to roll out a new .deb and .rpm that was built
against an updated glibc.
More info about the vulnerability:
http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/
-- Daniel
Received on 2015-01-28