I just updated this on a CentOS 6 box, and it broke the server. After I rebooted, it never came online. Luckily it was a backup server, so it's not critical. Right now I'm just waiting for the customer to contact iweb to figure out what went wrong. This is a vanilla server with just some of my software installed (which couldn't possibly have prevented the server from rebooting).
Obviously there is some dependency that they forgot to add, so I would hold off on updating anything unless you don't really care if the server is offline for a while.
changelog: * Mon Jan 19 2015 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.12-1.149.5 - Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183533).
Qualys GHOST program returns "not vulnerable" after the upgrade.