Joyent Engineers are aware of the glibc (CVE-2015-7547) security vulnerability believed to be found in all versions of the glibc since 2.9. The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack.
For any Joyent customers using glibc in their Docker containers, LX zones, or KVM instances, it is advised to update glibc if you are on a vulnerable version. If the vulnerability is detected, a patch for this exploit, along with a more detailed technical explanation, is available here.
Please also check the notices applicable to the Linux Distro you are using for the necessary remedial actions, such as:
Centos/Red Hat/Fedora: https://access.redhat.com/security/cve/cve-2015-7547