fs/jfs/xattr.c in the Linux kernel before 184.108.40.206 does not properly handle
a certain legacy format for storage of extended attributes, which might
allow local users by bypass intended xattr namespace restrictions via an
"os2." substring at the beginning of a name.
Sergey Vlasov discovered that JFS did not correctly handle certain extended
attributes. A local attacker could bypass namespace access rules, leading
to a loss of privacy.
Updated: 2015-10-17 03:35:40 UTC (commit 10086)