[USN-1008-3] libvirt update

2010-10-25 Thread Jamie Strandboge
Ubuntu Security Notice USN-1008-3, October 23, 2010, libvirt update, https://launchpad.net/bugs/665182. A security issue affects the following Ubuntu releases: Ubuntu

[ MDVSA-2010:212 ] glibc

2010-10-25 Thread security
Mandriva Linux Security Advisory MDVSA-2010:212 http://www.mandriva.com/security/

IPv6 security myths

2010-10-25 Thread Fernando Gont
Folks, I thought you might enjoy the slides of a talk about IPv6 security I gave last week at LACNOG (http://www.lacnog.org). The slides are available at: http://www.gont.com.ar/talks/lacnog2010/fgont-lacnog2010-ipv6-security.pdf They are also available at the LACNOG 2010 web site

Aardvark Topsite XSS vulnerability

2010-10-25 Thread Yam Mesicka
Hi, I found an XSS in the Aardvark Topsites PHP system. Dork: Powered by Aardvark Topsites SQL Queries XSS PoC: site_path/index.php?a=searchq=%22%20onmouseover%3dalert(String.fromCharCode(88,83,83))%20par%3d%22 POST can also be used to affect the email, title, u and url parameters in the same way. Tested

The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads.

2010-10-25 Thread Tavis Ormandy
The GNU C library dynamic linker will dlopen arbitrary DSOs during setuid loads --- Cześć, This advisory describes CVE-2010-3856, an addendum to CVE-2010-3847. Please see http://seclists.org/fulldisclosure/2010/Oct/257

[ MDVSA-2010:211 ] mozilla-thunderbird

2010-10-25 Thread security
Mandriva Linux Security Advisory MDVSA-2010:211 http://www.mandriva.com/security/

Re: MULTIPLE REMOTE SQL INJECTION VULNERABILITIES---MIM:InfiniX v1.2.003---

2010-10-25 Thread robi
Bug Fixed http://sourceforge.net/projects/infinix/

[USN-1009-1] GNU C Library vulnerabilities

2010-10-25 Thread Kees Cook
Ubuntu Security Notice USN-1009-1, October 22, 2010, glibc, eglibc vulnerabilities, CVE-2010-3847, CVE-2010-3856. A security issue affects the following Ubuntu releases: