Mandriva Linux Security Advisory 2011-070 - GNOME Display Manager 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a face icon file under /var/cache/gdm/. The updated packages have been patched to correct this issue.
0f118fb359865e8ede51fb480d81a21ec3b20361b945d201f83a80eb5aee21c4
Ubuntu Security Notice 1099-1 - Sebastian Krahmer discovered that GDM (GNOME Display Manager) did not properly drop privileges when handling the cache directories used to store users' dmrc and face icon files. This could allow a local attacker to change the ownership of arbitrary files, thereby gaining root privileges.
d514ab3fe4b1a1fc21f19d2440ed651da9ef009bb9076b19c86d194bffa0846f
Debian Linux Security Advisory 2205-1 - Sebastian Krahmer discovered that the gdm3, the GNOME Desktop Manager, does not properly drop privileges when manipulating files related to the logged-in user. As a result, local users can gain root privileges.
fd54d56a30cf7567ea53ed3b6cd7635bfef96b45f84c66c859941eb5f71da7a7