Description
A flaw was found in the way the X.Org server handled lock files. A local
user with access to the system console could use this flaw to determine the
existence of a file in a directory not accessible to the user, via a
symbolic link attack. (CVE-2011-4028)
A race condition was found in the way the X.Org server managed temporary
lock files. A local attacker could use this flaw to perform a symbolic link
attack, allowing them to make an arbitrary file world readable, leading to
the disclosure of sensitive information. (CVE-2011-4029)