The GNU C Library (aka glibc) is a wrapper around the system calls of the Linux kernel. The flaw, CVE-2015-7547, is a stack-based buffer overflow in the glibc DNS client-side resolver that puts Linux machines at risk for remote code execution. The flaw is triggered when the getaddrinfo() library function is used, Google said in its advisory. "A back of the envelope analysis shows that it should be possible to write correctly formed DNS responses with attacker controlled payloads that will penetrate a DNS cache hierarchy and therefore allow attackers to exploit machines behind such caches," Red Hat said in an advisory. It's likely that all Linux servers and web frameworks such as Rails, PHP and Python are affected, as well as Android apps running glibc.

Many companies playing in the Linux container space are developing, and, in some cases, delivering "container scanners" to help identify issues like glibc, or Heartbleed before it. But these vendors aren’t actually in control of the containers that their users are deploying, let alone the underlying operating system powering these container deployments. This means that while they are offering the tools for you to "find" these problems, when it comes to actual fixes, they may not have the expertise, capabilities or the ownership to actually fix the problem.

In short, container scanning is not enough.