PT-2008-6893 · Libxslt
Published: 1970-01-01 · Updated: 2018-10-11
CVE-2008-2935
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
libxslt versions 1.1.8 through 1.1.24
libxslt-devel-1.1.11
libxslt-python-1.1.11
libxslt1-dev
libxslt1-dbg
libxslt1.1
Description
The issue allows context-dependent attackers to execute arbitrary code via an XML file containing a long string as an argument in the XSL input, potentially leading to disruption of confidentiality, integrity, and availability of protected information. Exploitation can be carried out remotely.
Recommendations
For libxslt versions 1.1.8 through 1.1.24, update to a version later than 1.1.24.
For libxslt-devel-1.1.11, consider disabling the vulnerable package until a patch is available.
For libxslt-python-1.1.11, restrict access to the package to minimize the risk of exploitation.
For libxslt1-dev, libxslt1-dbg, and libxslt1.1, update to a newer version that contains a fix for this issue.
At the moment, there is no information about a newer version that contains a fix for libxslt (prior to version 1.1.24-r1) in Gentoo Linux.
Exploit
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Red Hat
Libxslt