Core X11 clients packages are vulnerable to privilege escalation. The x11perfcomp utility included the current working directory in its PATH environment variable. This allows a local user to execute arbitrary code and gain privileges via unspecified Trojan horse code in the current working directory.
lists.freedesktop.org/archives/xorg-announce/2011-July/001715.html
rhn.redhat.com/errata/RHSA-2013-0502.html
www.securityfocus.com/bid/58082
access.redhat.com/errata/RHSA-2013:0502
access.redhat.com/security/cve/CVE-2011-2504
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=717672
exchange.xforce.ibmcloud.com/vulnerabilities/82241
rhn.redhat.com/errata/RHSA-2013-0502.html