This article is misleading.<p>"First of all, this vulnerability has long been patched" - not true, it wasn't patched on RedHat and Debian until yesterday.<p>"many apps are not at risk" - so, what, nothing to worry about?<p>"the functions that are the subject of this vulnerability are obsolete" - obsolete they may be, but a ton of software still uses them.<p>"Taken together, the risk of actual exploits targeting GHOST is relatively small compared to other vulnerabilities like Shellshock or Heartbleed." - just because it is not widely known how to exploit this does not imply the risk is small. Let's wait until someone figures this out or the POC exploit is made public.
The fact that the patch has been out since May 2013 doesn't help if few systems have it installed.<p>Qualys has developed a PoC that runs arbitrary code against a sample target.