fs/jfs/xattr.c in the Linux kernel before 188.8.131.52 does not properly handle
a certain legacy format for storage of extended attributes, which might
allow local users by bypass intended xattr namespace restrictions via an
"os2." substring at the beginning of a name.
Sergey Vlasov discovered that JFS did not correctly handle certain extended
attributes. A local attacker could bypass namespace access rules, leading
to a loss of privacy.
Updated: 2015-07-29 20:38:49 UTC (commit 9756)