From secunia security advisory at $URL:
The vulnerability is caused due to a boundary error within the "xfs_readlink()" function (fs/xfs/xfs_vnodeops.c) and can be exploited to cause a buffer overflow via a specially crafted XFS image.
Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS
in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local
users to cause a denial of service (memory corruption and crash) and
possibly execute arbitrary code via an XFS image containing a symbolic link
with a long pathname.
There are no longer any 2.x or kernels available in the repository with
the exception of sys-kernel/xbox-sources which is unsupported by security.