An Invalid-free() flaw was found in the getaddrinfo() syscall of glibc. The bug only materializes if the getaddrinfo functions is called with the AI_IDN flag, and if glibc has been compiled with libidn support. This flaw was fixed in glibc-2.15 via the following commit: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e96f1c7
Filed a CVE request at: http://seclists.org/oss-sec/2015/q1/306
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 Via RHSA-2015:1627 https://rhn.redhat.com/errata/RHSA-2015-1627.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2014:1391 https://rhn.redhat.com/errata/RHSA-2014-1391.html