What is Ghost i.e security hole in the Linux?

[jd1008]

On 01/28/2015 07:17 PM, Tim wrote:
> Allegedly, on or about 28 January 2015, Doug sent:
>> ... A remote attacker able to call either of these functions could
>> exploit the flaw to execute arbitrary code with the permissions of the
>> user running the application....
> All these security flaws come with the usual "flaw allows escalation of
> privileges, able to execute arbitrary commands..." red flags, but rarely
> give an understandable note about how easily an external hack can begin
> the attempt while the user is doing something ordinary that exposes them
> to the thing.
>
> i.e. It's all jargon aimed at programmers.
>
> In the dim and distant past, when I had a brief dalliance with Windows
> before Linux became realistically usable, you'd commonly get warnings
> about flaws which gave understandable information.  e.g. Opening a
> malicious attachment, or even just reading a malicious email, with
> version of <particular> program less than x.y, allows the hacker to do
> destructive things to your system.
>
> I know I've vagued-up the example, but you've got a sample of something
> that you might actually do - simply read an email, not even do anything
> with the attachments, get a virus because your email program stupidly
> executes something embedded in it.  That's probably less of a risk to
> Linux users, because we've never had stupid software like Outlook or
> Outlook express.  But we've certainly got browsers with flash plug-ins
> installed, which (flash) has always been a security nightmare, and it's
> just not feasible to simply forbid it; so many websites that we
> regularly want to use would simply fail to work.
>
It's for our own good, Tim, to not know the tech details of how the 
exploit is accomplished :) :) :)
P.S. try not to feel like mushroom :) :)