During a code audit, Qualys researchers discovered a buffer overflow in the __nss_hostname_digits_dots() function of glibc, the GNU C Library. The bug is reachable through the gethostbyname() and gethostbyname2() functions and their reentrant *_r variants, both locally and remotely: applications use these functions to resolve a hostname into an IP address, and an attacker who can get a crafted hostname string passed to one of them can overflow the result buffer by sizeof(char *) bytes (4 on 32-bit, 8 on 64-bit). The overflow is triggered only by a hostname made up entirely of digits and dots, starting with a digit, not ending in a dot, and long enough to fill the result buffer; such a string is handled on an internal "numeric address" path, so no DNS traffic is needed. getaddrinfo() does not use this code and is not affected. Risk wise, successful exploitation gives arbitrary code execution with the privileges of the application that called the resolver; for a network daemon running as root that means complete control of the compromised system.
The vulnerability is tracked as CVE-2015-0235 (commonly known as GHOST). The bug had already been fixed upstream in glibc 2.18 (May 2013) but was not recognised as a security issue at the time, so long-term-support distributions shipping older glibc remained vulnerable. Red Hat has released updated glibc packages for RHEL 6 and 7 that contain a backported patch correcting this issue, and all glibc users are advised to upgrade. Because glibc is mapped into almost every running process, the update only takes effect for processes started after it is installed: reboot, or at minimum restart every long-running service that still has the old library loaded.
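The following is an added example, not code from the original page, written in the style of the canary test program Qualys published with its advisory. It hands gethostbyname_r() a result buffer that is immediately followed by a canary and an all-digit hostname of exactly the length that makes the buggy size computation fill the buffer; on a vulnerable glibc the strcpy() of the name runs sizeof(char *) bytes past the buffer and clobbers the canary, while a patched glibc rejects the call with ERANGE before copying anything. It assumes a Linux system with glibc (gethostbyname_r() is a GNU extension); the names ghost_probe and ghost_name_len are the example's own.

```c
#define _GNU_SOURCE          /* gethostbyname_r() is a GNU extension */
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

#define CANARY "in_the_coal_mine"

/* The result buffer handed to gethostbyname_r(), immediately followed by a
 * canary. In the vulnerable __nss_hostname_digits_dots() the size check
 * omits sizeof(char *) for the alias pointer, so a hostname of exactly the
 * right length is strcpy()'d sizeof(char *) bytes past the end of buffer,
 * i.e. into canary. */
static struct {
    char buffer[1024];
    char canary[sizeof(CANARY)];
} probe = { "buffer", CANARY };

/* Length of the all-digit hostname that makes the buggy size computation
 * (16-byte address storage + two address pointers + name + NUL) exactly
 * fill a buffer of buflen bytes. The missing sizeof(char *) for the alias
 * pointer is what then overflows. */
size_t ghost_name_len(size_t buflen)
{
    return buflen - 16 * sizeof(unsigned char) - 2 * sizeof(char *) - 1;
}

/* Returns 1 if the canary was clobbered (glibc is vulnerable), 0 if it is
 * intact. If retval_out is non-NULL it receives gethostbyname_r()'s return
 * value; a patched glibc reports ERANGE. Expected to return 0 on any
 * current system. */
int ghost_probe(int *retval_out)
{
    struct hostent resbuf, *result;
    int herrno, retval;
    char name[sizeof probe.buffer];
    size_t len = ghost_name_len(sizeof probe.buffer);

    /* All digits, no dots: takes the numeric-address path inside
     * __nss_hostname_digits_dots() without generating DNS traffic. */
    memset(name, '0', len);
    name[len] = '\0';
    memcpy(probe.canary, CANARY, sizeof CANARY);   /* reset between runs */

    retval = gethostbyname_r(name, &resbuf, probe.buffer, sizeof probe.buffer,
                             &result, &herrno);
    if (retval_out)
        *retval_out = retval;
    return memcmp(probe.canary, CANARY, sizeof CANARY) != 0;
}

int main(void)
{
    int retval;

    if (ghost_probe(&retval)) {
        puts("vulnerable: canary overwritten by gethostbyname_r()");
        return 1;
    }
    printf("not vulnerable (gethostbyname_r returned %d%s)\n", retval,
           retval == ERANGE ? ", ERANGE" : "");
    return 0;
}
```

Run it on a host before and after applying the glibc update. Because the probe never leaves the process, it is safe to run on production systems, and it exercises the exact path an attacker needs: a digits-only name whose length is tuned to the caller's buffer size, which is why input validation that rejects such names in front of gethostbyname*() is an effective interim mitigation.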