Spotted last year, but never patched. http://www.bit-tech.net/news/bits/2016/02/17/gnu-linux-glibc-vulnerability/1
Hmmmm.... Is this only an issue using SSH or does the glibc bug propegate in such a way that it causes practical security issues on all glibc-based devices, whether or not SSH is installed? I'm thinking particularly about routers/modems in particular
If something uses glibc's DNS resolution, it's vulnerable. Thankfully, there are mitigations: it's not easy to exploit, it's even harder to exploit in a manner that executes code rather than just crashes the system, and most embedded devices don't use glibc 'cos it's a beast. While there *are* routers/firewalls/etc that use glibc, they're in the minority; most use uClibc, 'cos it's smaller. Likewise, anything that has its own DNS resolution code, even if it uses glibc for everything else, is safe. You can also protect a system without upgrading glibc (if you want to, though the proper fix is of course to upgrade glibc) by filtering DNS queries with a firewall or dnsmasq or similar.