Mandriva Linux Security Advisory 2013-230 - GNOME Display Manager before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/. The updated packages have been patched to correct this issue.
52fc496e2b4ebb9f1415e08261f0752782983a44bf6d40e2c33d04ddb1941839
Red Hat Security Advisory 2013-1213-01 - The GNOME Display Manager provides the graphical login screen, shown shortly after boot up, log out, and when user-switching. A race condition was found in the way GDM handled the X server sockets directory located in the system temporary directory. An unprivileged user could use this flaw to perform a symbolic link attack, giving them write access to any file, allowing them to escalate their privileges to root. Note that this erratum includes an updated initscripts package. To fix CVE-2013-4169, the vulnerable code was removed from GDM and the initscripts package was modified to create the affected directory safely during the system boot process. Therefore, this update will appear on all systems, however systems without GDM installed are not affected by this flaw.
538d9b0bf864ac5f5ba4356145575335274930ff922d6ba289ac9096bf48441b