fs/jfs/xattr.c in the Linux kernel before 220.127.116.11 does not properly handle
a certain legacy format for storage of extended attributes, which might
allow local users by bypass intended xattr namespace restrictions via an
"os2." substring at the beginning of a name.
Sergey Vlasov discovered that JFS did not correctly handle certain extended
attributes. A local attacker could bypass namespace access rules, leading
to a loss of privacy.
Updated: 2016-03-23 03:37:17 UTC (commit 10817)